MySpace Scams

We have come to find out that this profile watcher is still on the loose. Do not use any profile watchers or trackers. All they will do is steal you MySpace login information and put a virus or spyware onto your computer. The safest bet is to not add untrusted code to your myspace page. You never know who will try to abuse it.

If you have already downloaded and installed the Profile Watcher, you need to remove it immediately and then change your myspace password.

If you are having trouble removing it then try using a spyware solution or antivirus to run a scan for the remaining program.

Technical Information:
1. COVERT ANALYSIS OF: Profile Watcher

* File Names Used: 8
* Paths Used: 6
* Common File Name: MUBILY08.EXE
* Common Path: %CACHE%\CONTENT.IE5\????????\
* Vendor Information: ZeroPoint Search Solutions
* MUBILY08.EXE may use 8 or more path and file names, these are the most common:
* 1 :%DOCUMENTS%\PORN\PROFILEWATCHER_SETUP.EXE
* 2 :%DOCUMENTS%\PROFILEWATCHER_SETUP.EXE
* 3 :%DOCUMENTS%\PROGRAM DOWNLOADS\PROFILEWATCHER_SETUP.EXE
* 4 :%TEMP%\18ZO19OF.EXE
* 5 :%TEMP%\MUBILY08.EXE
* 6 :%TEMP%\QF0XP27P.EXE
* 7 :%TEMP%\YEGN7HV1.EXE
* 8 :?:\TEMP\6GBWBF4O.EXE
* File Name Structure: Common
* File and Path Structure: Suspicious, code execution from unusual location

2. RELATIONSHIP ANALYSIS OF: Profile Watcher

* No relationship details available for this object

3. ACTIVITY ANALYSIS OF: Profile Watcher

* The following behaviors have been observed for this object:
* Runs temporary programs.
* Runs other programs.

I’m sure most of you have seen this either on comments or inside of bulletins. Either way, this is SPAM. When you click on it, you will be installing spyware onto your computer. MySpace Scams would suggest removing it immediately if you have already installed it.

Description of Profile Watcher:
Dubious application that pertains to monitor myspace accounts. Closely affiliated with Zango, the application has direct links to Zango videos under the “Cool Videos, Games, & More” tab. Any application that requires you to enter private credentials, as this one does, warrants a healthy dose of cautious scepticism.

Vendor
zpsearch.com

To remove:
Make sure that you have a spam blocker installed.

MySpace has shut down phishing websites attempting to mimic MySpace, including the crafty rnyspace.com and myspaceplus.com. One user even customized the URL of his real MySpace profile to appear like the legitimate MySpace login page.

MySpace plans to offer free parental notification software in a bid to appease government critics, The Wall Street Journal reported on Wednesday.

Parents will be able to use the software, named “Zephyr,” to find out what name, age and location their children use to represent themselves on MySpace, the Journal said.

It would not allow parents to read their children’s e-mail or see their profile pages, and it would alert children that their information was being shared, the paper reported.

The news comes as a group of 33 state attorneys general considers whether to take action against MySpace if it does not raise the age limit to join the site to 16 from 14 and begin verifying members’ ages, the paper said.

A lawsuit would make for bad publicity for the site just as advertisers are overcoming their concerns about it, the paper said.

News Corp. bought the service for $580 million in 2005, and some analysts have speculated that it could be worth billions of dollars in the next several years.

Popular among teenagers, the site has had to deal with public criticism that some children who use it provide too much personal information, making them easy prey for sex offenders.

A primary challenge has been to add safety features while not alienating teenagers, the Journal reported.

Another problem is skepticism from the rest of the Internet industry, the paper said. One big question is whether the service would violate users’ privacy rights; another is whether other people besides parents could use the software to monitor children, the Journal said.

The privacy question prompted social networking site Facebook and blogging site Xanga to decline to join MySpace’s efforts, the paper reported.

Google Inc., Yahoo Inc., Microsoft Corp. and AOL have not said whether they would join the effort, the Journal said.

MySpace said in December that it would start offering technology to identify and block convicted sex offenders. The service would cover about 46 state sex offender registers.

MySpace also requires members over 18 years old to know the e-mail and first and last name of any 14- or 15-year-old members whom they want to contact.

PUNTA GORDA- A 34-year-old man who set up a drug deal with undercover police on MySpace.com was arrested Tuesday, officers said.

James Brian Johnston, of the 500 block of Myrtle Street, was charged with possession of marijuana with intent to distribute, a felony. Through the popular networking Web site, Johnston contacted an undercover officer posing as a 20-year-old woman and agreed to meet him at The Pines of Punta Gorda with several marijuana cigarettes, according to a Punta Gorda Police Department arrest report.

When detectives spotted Johnston’s red Oldsmobile, they conducted a traffic stop and found one marijuana cigarette inside, the report states. Johnston admitted he was attempting to deliver the drugs.

Johnston was being held at the Charlotte County jail with bail set at $2,500.

MySpace has been hit by a worm that exploits the Javascript cove of Apple QuickTime media player which lures users into a phishing scam. The worm causes users to click on faked links on a MySpace profile which directs them to a phishing site which attempts to get users to enter their MySpace login details.

The worm not only replaces legitimate links on MySpace.com user profiles with links to the phishing site, but it also manages to root infected videos into the victims’ profiles. The worm has already infected hundreds of user profiles, which have now been pulled down by MySpace. Further, the worm is infecting MySpace profiles with such efficiency that an informal scan of 150 such profiles found that close to a third of these were infected.

MySpace has asked Apple to fix the Javascript flaw in QuickTime. Javascript code and its variants such as AJAX, which execute applications on client computers, is an increasingly important part of the Web 2.0 services revolution, but has been criticized by many security experts as a target for attackers to worm their way into unsuspecting target computers.

Online scam artists send e-cards to get unsuspecting users to click on links, disclose personal information, and download potentially dangerous software.

`Tis the season to start receiving greeting cards, and a growing number of them, conveniently, will come via the Internet.

There’s only one problem: Some of the e-mails saying that you have an e-greeting card from a friend or family member may instead be from a scam artist intent on obtaining your Social Security number, credit card data or even brokerage account information.

“People like receiving greeting cards this time of year, and they are likely to click on these greetings” if they are in their e-mail inbox, said Stu Elefant, senior product manager for McAfee Inc., an Internet security firm that markets products that detect unsafe Web sites or e-mail. “There is more cybercrime because peoples’ defenses are down. They are in a more trusting mood, thanks to the holidays, and they are looking online for bargains.”

That is an irresistible mix for increasingly clever cybercrooks as they realize more people than ever will shop online this holiday season, as well as seek to save postage–and time–by e-mailing holiday greeting cards.

Online shopping is already off to a fast start.

“Online sales are up 23 percent, about $6.35 billion, so far this year versus a year ago,” said Gian Fulgoni, the Chicago-based chairman of ComScore Networks Inc., which tracks Web activity. His figures are from Nov. 1-19 and will be updated Sunday to reflect this weekend’s frenzied shopping.

Holiday cybershopping will steadily increase over the next few weeks, with Monday slated as one of the busiest Internet shopping days during the holiday period as people use downtime at work to shop online.

Overall, Fulgoni estimates that $24 billion will be spent online this year during November and December, which should account for about 7 percent of all retail activity.

“That’s probably up a full percentage point over last year,” he said.

Indeed, more people than ever are comfortable shopping online these days, with 91 percent of adults saying they use the Web to shop, according to a survey released Friday from Harris Interactive and Check Point Software Technologies.

But as more people turn to the Internet for at least some of their holiday purchases–or simply for comparison shopping–more crooks, too, are tracking their movements.

The average loss per “phishing” scam grew from $257 in 2005 to $1,244 in 2006, according to a November report from Internet research firm Gartner Inc. Losses stemming from such attacks reached more than $2.8 billion this year, Gartner found.

In Australia, a scam was uncovered in late October by Exploit Prevention Labs that was perpetrated through e-greeting cards. According to a TechNewsWorld story, accounts at nearly every Australian bank were affected when a major cybercrime group used fake Yahoo greeting cards to infect computers with malicious software that tracked keystrokes on PCs. This so-called “keylogger” software was used to steal credit card numbers, bank account user names and passwords.

Yahoo did not return messages Friday for comment.

Researchers with Exploit Prevention Labs added that the e-card spammers were also targeting computer users in North America, according to TechNewsWorld.

Indeed, since early fall, numerous computer users across the U.S. and in Chicago have noted a marked increase in e-card-based spam e-mail. The subject line typically reads, “You’ve received a greeting from a family member” or “You’ve received an animated postcard.”

The text inside these “phishing” e-mail messages asks people to “click here” to see the card. Phishing scams are an attempt to trick people into revealing personal information. If they click on these links, they could unwittingly be downloading software that could be used to separate users from their hard-earned holiday bonuses.

Elefant warns people to exercise extreme caution when e-greeting cards enter your inbox and to open messages only from people you know. If you have any doubt, he warned, don’t open the message.

The number of e-greetings sent this time of year typically doubles compared with the rest of the year. In October, for instance, visits to sites managed by American Greetings, where there are e-cards for holidays or birthdays, increased 66 percent over September, according to ComScore figures. That was the second-highest traffic increase for any Web site in October, ComScore reported.

Crooks are exploiting what security professionals like to call “social engineering,” Elefant said. Because humans are social beings, they’re more likely to open an e-mail they think is from a friend or family member than something unfamiliar.

“Social engineering is more prevalent this time of year because people want to click on an Internet greeting card or get a better deal at a store online. So it’s more prevalent this time of year, and this year it’s more prevalent than anytime it’s ever been.”

People also are helping the crooks more than before.

The growth of social networking sites like Facebook, MySpace and even YouTube are helping cybercriminals target computer users.

“There’s more personal information about people online at these sites,” Elefant said. At YouTube, for instance, many people who post videos also include a picture of themselves along with other personal information, such as an e-mail address.

A crook may then send a message to that user and write, “Hey, I saw your video at YouTube about skateboarding. If you want a new skateboard, come check out the deals at my site.”

Elefant said this is a common technique used by sexual predators but increasingly is being used for financial scams.

Another reason for the online crime wave, according to the Harris survey, is that few people adequately secure their computers. The survey found that 74 percent of people do not install a hardware firewall and 53 percent don’t use a software firewall. Only 22 percent have installed a proper suite of security software, according to the survey.

How to avoid online scams

- Purchase items through well-known retailers you can contact via phone if necessary.

- Check for a little yellow lock at the bottom right corner of your browser window when making a purchase. This indicates a secure transaction.

- Check bank and credit card statements frequently for suspicious transactions.

- Never give out personal financial information in response to an e-mail, including charity donations. Contact a charity directly on how to make an online donation.

- Do not click on links to Web sites embedded in e-mails. These links can direct a user to a phony e-commerce site that looks like a legitimate site.

- Use a separate e-mail account for online shopping. You can get free e-mail accounts through Google, Microsoft and Yahoo.

- Make sure your security software is up to date. If you use Wi-Fi, make sure your wireless network is secure.

- If you think you are the victim of a “phishing” scam or online identity theft, go to the Federal Trade Commission’s help site at www.consumer.gov/idtheft.

Article written by Eric Benderoff

Q What is the right age for my children to have their own MySpace profiles? How would you recommend monitoring their Web pages?

A MySpace has more than 40 million members and gets about 15 percent of all the Internet hits in the country, so caution is advised. Officially a child has to be 14 to have a private MySpace page - meaning they have to invite ‘‘friends” to join their site. This does offer some control over who has access to your children’s profiles.

How mature are your children and do you have a good honest relationship with them? It is important to explain the dangers of putting information on the Internet for the world to see; there are many predators out there. Be sure your children are cautious when setting up a MySpace profile: They will be asked for all sorts of personal information that could be used for other purposes. How about just using a first name or nickname?

    Have your computer in a common area where you can monitor what is being exchanged on the Web site. Give constant reminders that your children’s online friends may not be who they seem. You can be invited onto your children’s sites and periodically ask your children to see their profiles. Of course, your children may set up multiple profiles under different names, so you may not be able to see everything they are doing online.

    Have you actually been to MySpace.com yet? Although people argue that this is a good vehicle for keeping in touch with peers, I am appalled at some of the stuff I’ve seen there. Why not set up your own profile so you can see firsthand what is going on and discuss your concerns and rules with your children.