All articles licensed under a Creative Commons License.


Friday, December 01, 2006

Phishing attack on Myspace leads to....Zango videos

Let's get right to the point:

1) A new Myspace worm
2) Bad guys using HREF functionality available to QuickTime files to launch malicious JavaScript
3) Hacked websites hosting fake Myspace login details, used to phish accounts
4) A pornographic website (that the hacked profiles link to) that contains Zango content, as well as using a popunder to display more Zango videos.

Yep, it's time for more Zango. Here we have yet another joketastic distribution setup, with the sole intent of spamming Zango adware across Myspace.

A while ago on the Spywareguide Blog, I covered a technique being used to exploit HREF functionality in QuickTime files (basically, you can use the movie to open a website or use JavaScript...yes, I think it's a bad idea too). Well, someone is using rogue QuickTime files to run JavaScript that puts a fake login bar on your profile page. If you log in, you are (to coin a phrase) screwed, and you can expect your contacts to be spammed with the porn movie in the above screenshot. Anyone clicking it will be directed to the site below - Vidchicks.com.

The site in question not only carries tons of hardcore p0rn (with Zango videos, naturally) but also employs a popunder full of more creamy Zango goodness. Basically, wherever you look you're going to see some premium Ron Jeremy style action going on.

Check out the screenshot - the black page is the popunder stuffed with Zango porn, and the thing behind it is the site launched from the spam filling up Myspace.

You can see the full writeup on this one at the Spywareguide Blog. You can also see more information on this here, too. We're currently collecting a big heap o' stuff (technical term) on who we think is behind this, and you can hopefully expect some asskicking action coming real soon.

For now, I guess that's another one for Zango to add to the rogue affiliate list. I should also add that this boobery managed to hijack my sister's page, and though that's hardly the biggest deal in the world it sucked up at least five valuable minutes of my time to clean out the garbage. I guess that's a good enough excuse to declare Jihad on this crap and take the war into the streets, Punisher style, and exact unholy and demonic revenge upon all who would wrong ye. Er, me. Oh, whatever.

Anyone involved in this is going down, and going down hard.


.....honestly, what a joke. I wonder if the FTC will find it as funny as I do...
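An added example (not from the original post or from anyone named in it): a Python check an upload filter could run over QuickTime media for the HREF trick described above. It assumes HREF-track text samples have the form `A<URL> T<target>`, where a leading `A` means the URL loads without a click; the function names, verdict labels, hosts and sample bytes are constructed for illustration.

```python
import re
import struct
from urllib.parse import urlsplit

# Assumed sample syntax: optional "A" (load automatically), <URL>, optional T<target>.
HREF_SAMPLE = re.compile(
    rb"(A?)<([A-Za-z][A-Za-z0-9+.\-]{1,15}:[^<>\x00-\x1f\x7f-\xff]{1,2048})>"
    rb"(?:[ \t]*T<([^<>\x00-\x1f\x7f-\xff]{0,128})>)?"
)
SCRIPT_SCHEMES = {"javascript", "vbscript", "data"}

def scan_media(data: bytes, trusted_hosts=frozenset()):
    """Return findings for HREF-style samples found anywhere in a media file's bytes."""
    findings = []
    for m in HREF_SAMPLE.finditer(data):
        auto = m.group(1) == b"A"
        url = m.group(2).decode("ascii")
        scheme = url.split(":", 1)[0].lower()
        if scheme in SCRIPT_SCHEMES:
            verdict = "script-url"          # a movie has no business running script
        elif scheme in ("http", "https"):
            host = (urlsplit(url).hostname or "").lower()
            if host in trusted_hosts:
                continue                    # link to a host the site already trusts
            verdict = "offsite-autoload" if auto else "offsite-link"
        else:
            verdict = "unexpected-scheme"
        findings.append({"offset": m.start(), "verdict": verdict, "auto": auto, "url": url})
    return findings

def should_block(findings):
    """Upload policy: reject script URLs and anything that navigates without a click."""
    return any(f["verdict"] == "script-url" or f["auto"] for f in findings)

def _text_sample(text: str) -> bytes:
    # Assumption: a text sample is a 16-bit big-endian length followed by the text.
    raw = text.encode("ascii")
    return struct.pack(">H", len(raw)) + raw

# Constructed inputs: not playable movies, just mdat-like byte runs for the scanner.
CONSTRUCTED_ROGUE = b"\x00\x00\x00\x08widemdat" + b"".join(_text_sample(s) for s in (
    "A<javascript:void(0)> T<_self>",
    "<http://media.example/credits.html> T<_blank>",
    "A<http://unknown.example/landing>",
))
CONSTRUCTED_CLEAN = b"\x00\x00\x00\x08widemdat" + bytes(range(256)) * 4
```

A byte scan like this is a triage step: it only sees absolute URLs stored as plain text, so a hit is a reason to reject or quarantine the file, and a miss is not proof the file is clean.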

More Coverage: SecurityFocus, Infoworld, F-Secure, Slashdot


All Content © Vitalsecurity.org 2006. The content of this site is entirely the opinion of Paperghost, and is in no way endorsed by FaceTime Communications. In other words - have a problem, come see me.