The opinions expressed herein are entirely my own and do not represent the opinions of any other entity with which I am affiliated. Opinions expressed in comments and trackbacks are those of their respective authors and do not necessarily reflect my own point of view.
All works are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
© Copyright 2006-2009 MalwareTeks
Here we have another in a long line of Scams centered around MySpace. This time it is how to create a digital picture for your MySpace account without the use of a digital camera or scanner. This new technology uses your computer monitor. Oh boy not that old joke, resurfacing as a scam.
Instantly develop a new MySpace picture without a digital camera or scanner!
A new camera technology has been released that can actually use your computer monitor to take a picture of you and your surroundings. This technology “dot-dithers” your screen to act as a camera receptacle. The beta website captures your image just as if you had the computer connected to a video cam.
Try it out!
Select the type of screen you are currently using…
LCD Monitor (thin flatscreen)
Traditional monitor (bulky)
Television
Laptop
None of the above
Not sureContinue to Free Beta Site
Cool, NOT!!! This all starts when you receive a Group Invite on MySpace, from someone you absolutely don’t know; inviting you to join a group with a pretty vague name. Pretty typical fare for this type of scam. So, your just a little bit curious and click on the profile pic to take a peek. Bad move!!!
Just to satisfy your curiosity, here are the 2 images that make up the page. Yes, you can click on the Click Here image; it links to the animated gif on my server.
The Click Here image scrolls across the page; and you can click on either the background or the animated gif and be taken to the page (ScreenShot #1).
Group Details:
Group Name: Very very cool
Founded: Jan 14, 2007
Location: Las Vegas, Nevada - US
Members: 15
OK, so you clicked on the image and are taken to the comment form; and decided you don’t want to answer anything and hit the back button on the browser. So, you go back to the site that got you here, right. No, this is where you wind up.
Not exactly what you had in mind. Clicking the browsers back button will get you caught in a vicious circle between the Comment form and this page. You’re getting pretty pissed after a few tries at backing out, aren’t you.
Examining the Page Source, it’s a straight forward redirect, with a count down script. Says the offer expires in 300 seconds and you can watch it count all the way down to 1 second and stop; never actually counts down to 0.
Scrolling down the page reveals the company that is running this promotion “Top Quality Ringtones”, which is really Funmobile 8383 Limited; operating out of Shatin, Hong Kong. Viewing the bottom of the web page reveals the Terms and Conditions and links to the Privacy Policy, Contact information and opt out information.
I don’t know about you, but I have no intention of giving these people my personal information and having my account charged $5.99 weekly of $9.99 monthly; depending on the cell phone provider . Who knows where my personal information will wind up. I do know that my cell phone inbox will fill up with Spam text messages, as well as my email inbox. Thanks, but no thanks.
Let’s move on to the really interesting stuff. I want to check out this new “dot-dithering” technology that can make my Monitor a camera. I just can’t contain myself. I’m always checking out new technology and finding ways of adopting it to enhance the user’s viewing experience (Sarcasm folks). So, let’s pick a monitor type and click through to the next page.
Trying to back out of this page using the browsers back button will get you the Ringtones promotional page. Same stupid behavior.
OK, let’s take the picture. Make sure you look at the “twinkling” spot in the lens.
Yep backing out of this page will get you the Ringtones promotional page.
Time to pick up my photo, By the way I have been examining the page source for all the pages. To this point there has been no malicious scripts or “drive-by” install attempts on any of the pages.
Time to pick-up my photo. Wonder how it will turn out?
They claim this is not a Phishing Scam
Please note, this is NOT a “phishing” page.
From examining the page source, it doesn’t appear that the email and password data isn’t actually submitted anywhere. At least not from what I could tell. My advice is to err on the side of caution and don’t submit any personal data, that includes your MySpace login and password, on this site.
Notice the Terms of Use/Privacy Policy at the bottom of the page:
Terms of Use / Privacy Policy:
By filling out this form, you authorize us to spread the word about this funny site. You will enjoy your friends’ reactions and you will receive all of the credit. This is a harmless e-Card site looking to spread the laughter!
We do not share your private information with any third parties. We do not “SPAM” people with commercial messages nor do we collect any information to be used outside the scope of this free tell-a-friends promotion! This is not a “phishing” site that attempts to “trick” you into revealing personal information. Everything we do with your information is disclosed here.
This page is not affiliated with or operated by MySpace(tm).
ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.
We may do a combination of the following based on your friends’ interest.
1. Temporarily access your MySpace account for the following purpose(s).
2. Post “magic camera” bulletins in the appropriate section.
3. Invite your friends to a “magic camera” group.
4. Invite your friends to a “magic camera” event.
5. Comment your “top” friends once about this “magic camera.”
6. Send one batch of “magic camera” messages on your behalf.
7. Create a small floating profile overlay (very cool!).
8. Introduce new entertaining sites.This is a free service. You will not be asked to pay at any time. You will not be subscribed to anything asking for payment. This service is made possible by many hours of human effort.
H’m they say it’s harmless and they are not “Phishing”; yet they ask for your MySpace Account info. This appears to actually be a phishing attempt, a poorly implemented phishing scam.
So, what does happen when I click the button labeled “Send To Friends”?
Wow, I get a reward. I wonder what I get. Let’s find out. I type the word rewards into my browser navigation bar; hit enter. Here comes my reward.
Yep, same old tired Ringtone promotional page. Looks like they really want me to buy some ringtones. Filling in that page and submitting your information will get you what seems like an endless stream of promotional pages. If you like your Cellphone and email inboxes filling up with Spam; and someone other than you accessing your MySpace account; be my guest, fill in all those forms with your personal and sensitive information. As for me, no thanks not happening.
So, just how did I come across this site. Well on Digg http://digg.com/security/Down_Pour_Net_The_latest_Myspace_password_sca mh_wowh, I read the blog http://down-pour.net/wpblog/2007/01/14/the-latest-myspace-password-sca m-wow/, and read Ivan’s rather intense profanity filled tirade on his MySpace Blog WARNING: EXPLICT LANGUAGE http://blog.myspace.com/ivanthepig. Dude, get a grip.
Both claim that this site/scam will inundate your computer with spyware. I found no evidence that this is the case. I found no malicious scripts, no “drive by” install attempts, no downloads. Nothing, nada, zilch, zip. No Spyware, Viruses, Trojans. No malware what so ever.
What I did find is a scam site. A site that is designed to harvest email addresses, cell phone numbers, and what looks like a “phishing” attempt to obtain your MySpace account information.
XHTML:
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Previous: 
Next: 
Comment Meta:
Last 50 Posts 
Back
4:26 am - January 17th, 2007
Hey man, this is Lou from http://www.down-pour.net. I just wanted to say that you did an excellent job on going in-depth on this, I didn’t feel like putting that effort into it and seeing exactly what the code looked like, so I applaud you.
It seems you’re right, there’s no spyware or malware from what you’ve found. However, considering as shortly after viewing the page I was inundated with group invites and messages for the scam, I figure a lot of people fell for it.
And yes… Ivan’s a bit touchy sometimes, and gets rather raving mad a lot haha… Usually it’s for entertainment’s sake, but who knows, really.
Just want to say thanks again for the great blog post about this scam, and also thanks for the links to me and ivan. Keep up the great work man!
Lou
4:29 am - January 17th, 2007
I GOT PUBLICITY!
Rock on man. Glad you found, and was able to read my little hate-filled tirade. I realize there was no “spyware” on this. Its rather obvious - but when you’re speaking in a laymans terms, how do you get refrain from people going to something by “scaring” them into believing that its hazardous?
You must realize, that most people, have the attention-span of a turtle. Especially those on MySpace. When you write “hey, this site is a scam site that tries to attempt to get your MySpace login information to publish their ads on your profile… blah blah blah”
People, will usually stop reading around “scam site” and move on to the next, whatever-they-were-doing.
When you mention it like “This Site Has Spyware!” Its a perfect motive to grab peoples attention - no matter how stupid, or ignorant you may be …you know that, based on commercials and other publicly stated means, Spyware = Bad.
As someone, randomly, what “Spyware” is.
It works.
Anyways, I just want to let you know that I do appreciate the article and a “clarification” to others that end up reading this.
P.S. Why aren’t you my friend on MySpace by now?
*grins*
- Ivan
9:25 pm - January 17th, 2007
Thanks Lou,
This is what I do in my spare time hunt down scams, phishing sites and malware removal. It’s a never ending task.
I revisited the scam site again, other than changing the “Free Offer” it’s still the same. They haven’t changed any of their code, and the MySpace Account info doesn’t seem to be submit anywhere. ‘on-click=”flag 0″‘ the flags are define in exit2.js. There is a flag=1 variable with associated code, but no flag=0. Which means when some one clicks on the ‘Send to Friends’ button it just falls through to the next executable line. That takes you to the rewards page.
If they intended to set up a phishing site, they botched the code.
See anymore stuff like this feel free to email me the link. I’ll take a look at the site. People are getting some really nasty stuff following these MySpace Invites.
email addy spd(at)malwareteks(dot)com
10:50 pm - January 17th, 2007
I see it all the time, last week I disinfect a system that had 1783 infected files that were visible. People are constantly surfing the net, downloading and installing stuff they shouldn’t. Going to sites and filling out forms they shouldn’t. The passwords they use are laughable.
The kiddies on MySpace just don’t have a clue, and they don’t care. It’s a gold mine for the Cyber Criminal.
Just today I had one guy tell me that he should spend less time thinking, and more time following directions.
If I hadn’t stumbled across the digg, I would have never of known about that site.
See anymore stuff like this feel free to email me the link. I’ll take a look at the site. People are getting some really nasty stuff following these MySpace Invites.
email addy spd(at)malwareteks(dot)com
Done
7:54 am - January 18th, 2007
SPD - Good stuff man, I’m going to link to you from my blog, I think you’ve got a quality site up here. And feel free to add me on myspace as well, if you’ve got Ivan’s, then I’m on his top list. Keep it up man.