To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39160933,00.htm

MySpace targeted by cyber criminals
That many people in one place has to be tempting...

By Will Sturgeon

Published: Thursday 27 July 2006

Social networking portal MySpace is becoming a major target for cyber criminals, with credit card fraud, phishing attacks and spyware all growing concerns for users of the site.

One reason for the problems arising is the overwhelming popularity of the site which has created an ecosystem ripe for the picking by criminals, according to one security expert.

Mark Sunner, CTO of MessageLabs, told silicon.com: "MySpace appears to be coming under fire from all sorts of angles.

"Anywhere on the internet that you get a community you will make money. Whether it's Amazon or eBay - or now MySpace - it will make money for its owners but it also doesn't take the criminals long to wake up to the potential."

And as Amazon and eBay users have been targeted, most notably by phishing scams, so Sunner says it is now the turn of MySpace.

It is possible to buy tools that automate attacks on defined swatches of the MySpace community. They can even set up automated conversations with users - a technique gleaned from engines used to spam IM networks - which exploit social engineering to encourage users to either follow links or even, in some cases, hand over credit card numbers, supposedly for age verification.

Sunner directed silicon.com to one site where tools can be bought for less than $25 that enable users to launch conversations with thousands of users concurrently. (See more here). One example given is to inform users of a particular band playing a particular venue but Sunner suggests many users are finding far more malicious uses for the tools.

MySpace could not immediately be contacted for comment.

More info...

♦ How MySpace attacks can be tailored to individuals

Earlier this week, around the time MySpace was being plagued by downtime, security vendor McAfee blogged about spyware and adware applications that were being dropped onto users' machines from links on MySpace as users are tricked into clicking and downloading them.

Greg Day, security analyst at McAfee, told silicon.com there is a very basic rule in the security industry. "The more something becomes popular the more it becomes attacked," he said.

MessageLabs' Sunner said: "MySpace has suddenly appeared as this cultural phenomenon and it's created a large enough ecosystem to appeal to the bad guys."

As such, Sunner said the company must now act to protect its users. "They have a responsibility to take some steps," he said, suggesting the company should monitor what content is posted onto its site, or at the very least provide more education for users.