gRegorLove little g big R

Avoiding Myspace Trouble

There is a technique being used on Myspace to spread spam by taking advantage of the trusted nature of your friends list. When you receive a bulletin from a friend, you will probably not think twice before clicking any links in the message - particularly if it's something like “check out these photos I took”. The page that loads when you click the link takes advantage of the fact that you are logged into Myspace and quietly posts a bulletin from your account. Usually it will be the exact same bulletin you just read. As you might expect, this message will spread quickly as more users continue to click the links (expecting photos from their friends) and thus send the bulletins to even more people, unknowingly.

First things first

Check to make sure you are not currently a victim of this. Log in to your Myspace account, go to Mail -> Bulletin -> Show Bulletins I've Posted. If there are any bulletins in the list that you did not explicitly post, delete them.

Next, if you are still using Internet Explorer as your web browser, just stop it already. :-] Get Firefox. It's free, and far better. No it will not automatically protect you from the technique described above, but it's an important start and by the end of this post it will be helping protect you better.

What to look for

Do not open links directly if you are not sure it is a trusted site. Move your mouse over the link and the status bar at the bottom of the browser will show you the full link. If it's not a site that you know and trust, you should not open it while logged in to Myspace. You can copy the link and either log out of Myspace before opening it, or open it in a different web browser (such as Internet Explorer - since you're using Firefox now, right?) Either way, the important thing is that you are not logged in to Myspace with the browser you open the link in. This way, if it is a spam-sending link, you will not fall victim to it. If the linked page prompts you to log in to Myspace, do not do it. Never login unless the site in the address bar is http://www.myspace.com or http://login.myspace.com.

A few other points

Lately these attacks have been using Adobe Flash. If the link ends in “.swf” you definitely should not open it; that's a link to a Flash file and is almost guaranteed to be malicious. Make sure that you have the most recent version of the Flash plugin (v9). Firefox users should also probably get the Flashblock extension (added bonus: blocks obnoxious animated ads online).

Hopefully this has been helpful. Spread the word to your other Myspace friends so they don't fall victim to spammers. :-]

View responses or leave your own response

published

Previous article:

Next article:

My name is gRegor Morrill, a.k.a. gRegorLove. I live in San Diego, enjoy tinkering on the web, and try to make people laugh. Yes, “Gregor is a weird name,” and I know gRegor is a weird capitalization. More about me

If you would like to keep up with my posts, check out How to Follow Me.

Responses

BurnDark BurnDark
and if you just can't live without the look and feel of IE, you can make firefox look like it by following the directions at http://johnhaller.com/jh/mo...

And speaking of IE's look and feel, have you seen IE 7? I abhor it's look.
APE APE
What do you do if this has already happened to you? How do you un-do it?

See under “First things first” for how to delete the bulletins. More than likely your password has *not* been compromised, so deleting the bulletins is all you really need to do.
Ali Ali
Yeah, I've noticed friends sending bogus bulletins. Great advice here, nice job!
Benji Benji
Awesome! Thanks man. And I dig the handy dandy comments link on the bottom. Way to have a user-friendly web-presense. Seriously, no sarcasm, you're my role-model in that from now on. peace bro.
Allison Allison
The Office is brilliant. I've been watching it basically nonstop for a couple days now.

And yes... I now have your phone number, blood type, AND - you forgot this one - your social security number. Yeah... look out.

I need an excuse to visit Indy. I miss your crazy antics. Get working on that.
Allison Allison
Your face is TV.

And technically... it's DVD.
tanasha tanasha
i cant find my password out

This is an older post, so the public comment form is now closed. You can still use the form above to send me the link of your reply or sign in with your email to leave a comment. You can always send me a message, too.

Search

Proud member of An IndieWeb Webring 🕸💍