Social-Networking

This is disturbing.

Is that the sound of your flesh crawling off your bones? No? Well, how about when I tell you that this “dating site”for 13 year old kids is called “Mylol.net”?

Originally, the site invited you to download Zango videos once you were a member (videos that require you to be 18 or older to install the Adware. Remember this, because it”ll become real important in a few moments).

So it does, read the rest at Vitalsecurity.
Presenting a “Teen Dating Website”. No, Seriously.

{ 0 comments }

A FortiGuard Advisory January 2, 2008 warned their researchers had discovered a malicious widget called “Secret Crush” spreading on Facebook, the social networking site, which prompted users to install the application.

Users were informed they needed to invite at least five more friends to Secret Crush before proceeding, and then were invited to download a Crush Calculator application which contained Zango software. Zango or its affliates are often depicted in the media as adware/spyware.

Zango has publicly denied involvement with Secret Crush.

Fortinet’s so-called “Advisory,” issued Wednesday with the attention-seeking headline “Facebook Widget Installing Spyware,” is completely false as it relates to Zango. A thorough investigation by Zango security personnel reveals no silent or surreptitious installation of any software, much less any “spyware,” by or in connection with the “Secret Crush” widget.

CNET News.com’s Caroline McCarthy writes that on Monday, January 6, 2008 Facebook announced:

Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware,” a statement from the company read. “We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service.

Zango said the Secret Crush widget on Facebook is now called the “My Admirer” widget.

Apprantly Zango is making the rounds posting disclaimers, such as the comment left on Security MVP Shaba’s pcsecurity blog.

{ 0 comments }

Connecticut Attorney General’s Office
Press Release. May 21, 2007
Attorney General Announces MySpace To Provide Convicted Sex Offender Information

Attorney General Richard Blumenthal today announced that MySpace has agreed to provide Connecticut with information he requested about convicted sex offenders with profiles on the site. Blumenthal commended MySpace for this decision and called for additional measures to protect children on social networking sites.

Blumenthal and other attorneys general wrote MySpace last week seeking the names and addresses of thousands of convicted sex offenders with profiles on the social networking web site. The letter also asked how many sex offenders MySpace has identified, how many profiles have been removed, as well as what steps the site has taken to purge them, and to alert law enforcement and users who communicated with the offenders.

“I am pleased that MySpace has heeded our demand, now by subpoena, to provide information about convicted sex offenders and confirm steps to remove them from the site,” Blumenthal said.

“There are at least 5,000 registered convicted sex offenders with MySpace profiles posing an immediate, urgent risk to children - potentially violating their parole and probation, and requiring more vigilant measures. MySpace has decided to do the right thing, but additional steps are necessary, such as age verification, to protect children from predators on social networking sites.

“Our subpoena compels this information right away - within hours not weeks, without delay - because it is vital to protecting children. Many of these sex offenders may have violated their parole or probation by contacting or soliciting children on MySpace.

“I commend MySpace for taking this step and welcome this cooperation. Social networking sites should not be playgrounds for predators. Other social networking web sites should follow MySpace’s lead to kick out sex offenders and keep them off their sites.

“I will continue to help lead our coalition of all 50 states in urging MySpace to make its site safer by instituting age verification and raising its minimum age to 16. Despite this positive step, these convicted sex offenders are just the most visible tip of the predator problem, because there may be thousands more such profiles using false names or lacking felony convictions. Additional steps such as age and identity verification are urgently and immediately needed,” Blumenthal said.

“I have issued this subpoena demanding information from MySpace.com so as to protect the many Connecticut children who are using this website,” said Department of Consumer Protection Commissioner Jerry Farrell, Jr., who issued the subpoena at Blumenthal’s request. “However, while this information about sex offenders from Myspace will be helpful, it is not a substitute for parents being vigilant about who their children are dealing with online.”

Blumenthal expects to receive the information promptly in response to a subpoena issued today.

MySpace announced in December 2006 that it hired Sentinel Tech Holdings to check the site for registered sex offenders. Blumenthal and the other attorneys general wrote MySpace after receiving information that Sentinel’s search disclosed thousands of offenders with MySpace profiles.

MySpace is in the news again, this time accused of serving up Winfixer advertisements and attempted installs of rogue programs well known in the antispyware community. Namely WinAntiVirus Pro and DriveCleaner aka Errorsafe.

Article by The Register MySpace slams ad networks over ’scareware’

Sandi Hardmeier writes,

The MySpace articles are being sourced from Rapid Media, the same provider that CiD uses to source advertisements for the Messenger Plus! sponsor program.
Spyware Sucks

From the spywareguide.com blog.

A while ago on the Spywareguide Blog, I covered a technique being used in Peer to Peer land involving URLs being embedded in Quicktime movies, which would then pop open a website. This has now been taken to the next level, with an intensive and seemingly never ending Phish attack, the sole aim of which seems to be directing end-users to a collection of Zango movies on a pornographic website.

Article

November 6, 2006
Websense Security Labs reports:
Malicious Website / Malicious Code: Fradulent You Tube video on MySpace installing Zango Cash

Websense® Security LabsTM has discovered a number of user pages on the MySpace domain which have videos that look like they are from You Tube. The videos have an installer embedded within them for the Zango Cash Toolbar.

Screenshots

Monday, November 06, 2006

Zango Return to Myspace

Trojan serves up Zango Videos - another rogue affiliate?

PaperGhost:

Great, you get hijacked AND go crosseyed but that’s not all -

I have an odd sense of deja-vu.

{ 0 comments }

The MySpace saga continues:

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.

Article

PCWorld Reports that the attack was shut down by MySpace around 10 a.m. Pacific this morning.
Apprantly the attacker had registered an account named login_home_index_html, therefore the MySpace page hosting the fake login appeared to be a legitimate place where users could sign onto the service.

If, as is typical with such sites, MySpace has a database of user names that are off limits why did they allow the registration of login_home_index_html ?

Beats me and just another reason MySpace is blocked in my household.

Thousands of emails have been sent out by fraudsters spoofing MySpace.

The message in the email states, “You’ve got a new song from (name) on MySpace!”, inviting recipients to click on an url that directs to a site claiming to sell MP3 music.

This is a scam to collect credit card information for fraudulent use.

Advisory at Fortinet