by certifiedbug on July 22, 2006
in Security
BBC News website
By Mark Ward Technology Correspondent
“This is a criminal act,” said Hemanshu Nigam, MySpace chief security officer. “This ad is being delivered by ad networks who distribute these ads to over a thousand sites across the Internet in addition to ours.”
“We are working to have these ad networks remove this ad so that they do not appear on our site,” he said.
Chris Boyd, director of Malware research at Facetime Security Labs, said sites such as MySpace and Orkut often felt like “gated communities” and made people feel more secure than they should.
Article here
by certifiedbug on July 21, 2006
in Security
Washington Post
Security Fix
Brian Krebs writes
Hacked Ad Seen on MySpace Served Spyware to a Million
An online banner advertisement that ran on MySpace.com and other sites over the past week used a Windows security flaw to infect more than a million users with spyware when people merely browsed the sites with unpatched versions of Windows, according to data collected by iDefense, a Verisign company.
Internet Explorer users who visited a Web page containing this ad and whose IE was not equipped with the WMF patch would not get that warning. Rather, their machines would silently download a Trojan horse program that installs junk software in the PurityScan/ClickSpring family of adware.
Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Published: January 5, 2006
Six months later apprantly many have still not patched. 
by certifiedbug on July 17, 2006
in Security
blog.spywareguide.com
Posted on July 17, 2006
Paperghost writes:
Now, there is talk of an exploit that relies on redirects via Flash, meaning the hacker has complete control over your profile. You can see the ripples being made here on Digg - should be interesting to see if Myspace put out some kind of “official response” to this one as it’s really caught fire.
by certifiedbug on July 14, 2006
in Security
Online social networking site MySpace.com appears to have become a target of adware/spyware makers.
MySpaceBar Installed From DollarRevenue via Regifast!
13 July 2006
WebHelper writes:
MySpace again being used by yet another adware group called Regifast.com. While rechecking a Dollarrevenue bundled installer for the Regifast.com adware: content.dollarrevenue.com/regifast.exe, I found it not only bundles Deskwizz in its own install but also I got a surprise message: “Please, enter your MySpace account information”.
More information and screenshots.
Zango Adware found on MySpace
By Gregg Keizer, TechWeb
11 July 2006
itnews
After a security researcher said Monday that MySpace users were spreading adware through the social networking service to ring up ad fees from Zango, the marketing company admitted one of its own developers had set up the MySpace profiles.
Zango, however, said the developer was acting without approval and in ignorance of the company’s “hands-off” policy regarding MySpace.
Teenagers used to push Zango on Myspace?
Sunday, July 09, 2006
Vitalsecurity
Paperghost writes:
Well, I was rattling around Myspace the other day, and had the sudden urge to start searching for Adware companies.
by certifiedbug on June 7, 2006
in Security
McAfee Avert Labs Blog
Security and Children’s Web Sites
Tuesday May 30, 2006 at 3:48 pm CST
Posted by Jimmy Kuo
Late last year, I was asked in an interview where I thought the arena of online attacks would go. My response was to look at children-friendly sites and games like Neopets, MapleStory, and Runescape. Well, my prediction was not exactly correct. None of these sites have been hit by any automated or programmatic attacks, though each suffers from its own versions of social engineering attacks (more commonly referred to by kids as “scams�?). However, shortly thereafter, worms were released on both Myspace and Xanga
It’s always a good time to discuss computer security issues with your children. Here’s some thoughts to start:
