MySpace - A Place for Spyware

"MySpace - a place for friends". That's how it officially reads on their logo. I think it should read "MySpace - a place for spyware". Perhaps just call it MySpyware or SpySpace.

Like many people, I have a MySpace account. You can visit it here if you like. Unlike the majority of MySpace users, I don't log in to my account very frequently. In the last month, I've logged in a total of 3 times. Of those 3 times, my computer was infected with spyware twice. Those odds aren't very good if you ask me.

Strangely, it only happened when I was loged in to my MySpace account and not while just browsing (without being logged in). Why is that? I've read how some people (not associated with MySpace) have been able to use the social networking website to spread malware and redirect traffic by taking advantage of security holes in the site and/or 3rd party plugins used on it. Are my two recent infections the work of outside crackers though?

The first time, it happened as soon as I logged in to my account. I got a pop-up message warning about spyware. I thought that the pop-up itself was a trick to get me to click on it so that the spyware could install itself - a common trick used these days. To play it safe, I closed my web browser through Windows Task Manager so that I wouldn't have to click on anything and risk infection. I immediately ran a virus and spyware scan. Sure enough, a trojan called Zuten was detected and removed.

Maybe my internet protection software just isn't up to par. It's stopped viruses in real time before (without the need to perform a scan and then clean), yet this spyware made it through easily, requiring a scan to remove it.

The second time, just a couple of hours ago, I was logged in to my account for a short duration. I accepted a new friend request (from someone I already know), commented on a couple of profiles and a photo, then got a similar spyware pop-up warning. I took the same action as before and ran another scan. This time a generic dropper was identified and removed. WTF?

According to my internet security software, my PC is clean now, but I'm kind of pissed off that these things made it through so easily in the first place. The weird thing is that the pop-ups didn't seem to be from my internet security software. They recommended some other service for removal, which is why I didn't click on them. I'm not sure if that's a MySpace thing or perhaps even a feature of FireFox? No - I haven't done my homework on that one yet. Instead, I was busy making that nifty MySpace Spyware animated GIF up top. I wish I had done a screen cap of the pop-up I got both times, but I wasn't thinking about archiving it at the time - I was more concerned with minimizing potential damage.

So what's the deal? Is MySpace itself actually deploying some kind of spyware? Perhaps a little "gift" from the social networking site to "improve our experience"? I've never fully read their terms of service, so I don't know what's considered fair play. Even so, I doubt MySpace would ever participate in such a practice by design as they'd quickly loose everyone's trust... or one would think.

If the spyware didn't come from the MySpace machine itself, then how the hell were they deployed? Both times I got the pop-up, I was navigating to either my home page (the page seen just after logging in, not the profile), or on my messaging area. How would an outside cracker infiltrate those areas? Regardless of how, it seems they did.

Even though I have enjoyed meeting and communicating with some very cool people via MySpace, I'm considering deleting my profile, or just removing everything from it and never logging in again. The site seems like a great big digital disease spreading cesspool masquerading as "a place for friends". I don't use MySpace often and usually only log in after I get enough e-mails indicating I have new messages, friend requests, or birthday reminders waiting for me to attend to. Why put my myself at risk when I barely use the service?

I can't help but wonder how many people are loaded up with spyware and other malware they picked up while on MySpace and don't even know it. Many internet users don't bother to keep their internet security software up to date.

What do you think? Are you a MySpace addict who doesn't mind a few run-ins with the spyware that seems to be running rampant there? Have you ditched MySpace for Facebook? Is Facebook any safer? Would you like to be my MySpace BFF and shoot me a friend request so I can log in and risk another spyware invasion? LOL Why are social networking sites such a popular thing these days, anyway? I'm a little clueless on that one and not afraid to admit it. Enlighten me, my children.

Show me you care and share, share SHARE!


I think I may know what the deal is on that window that popped up. You see, most spyware makes your computer pop up a window suggesting you try some kind of a virus protection app that's likely a trojan. I had a laptop get infected with spyware once, insanity... :(

For future reference, look for things to ID a Spyware-triggered windows dialog:

-Exclamation points. Windows never uses them. It has absolutely no personality whatsoever, so no Windows-triggered dialog will ever read "Your computer is infected with Spyware!".

-"windows". You will never see windows or microsoft in all lowercase. They should always read "Windows", "Microsoft" or "Microsoft Corp.".

-Any typos, spelling errors, etc. That gives it away.

Hope that helps. :)

Thanks for your insight, TRON.dll. Much appreciated. :-)

I was suspicious of the warning pop-ups immediately because they were not from my own net security software. The spyware wasn't on my computer for more than a minute or so each time before getting nuked. Yes, my spyware goes STRAIGHT to the microwave! Explodes just like the kitchen scene in Gremlins. SPLAT! :-P

I didn't log in to MySpace much before, but I log in even less now. I wasn't exactly a MySpace fan to begin with. This kind of crap doesn't help any. So good that they're on top of things. ;-)

Leave a comment

About this Entry

This page contains a single entry by Todd published on August 23, 2008 12:01 AM.

Lonely Empty Beer Bottle was the previous entry on this site.

A Little Goomba As Seen On A Real NES is the next entry on this site.

Find recent content on the main index or look in the archives to find all content.

Powered by Movable Type 4.1