December 20, 2006
MySpace HELL: Helping a reader of StopScum turns into a Saturday spent in a Virus/Trojan and pop up Hell
Judy called me and wondered what to do. She was sitting at her "kids" computer which is also used by the entire family and MySpace was delivering Trojans/Viruses which Norton AV was catching and deleting. Compounding this weekend attack were full page pops with Advertising and no easy way to close them and a phony Flash security notice to download same. The only other open application was MySpace. I walked her through the appropriate procedures and promised her that I would also take a look.
My Saturday Trip to Hell via MySpace
Two minutes later I found myself in MySpace Hell. The exact same thing was happening to my machine as Judy reported. Norton AV caught and eliminated "Trojan.ByteVerify" and "Trojan.Download.Trojan". Sorry, I didn't have the inclination to take a screen grab of the phony Flash security notice and download prompt, the full page POP with no easy way to close same, and an entire series of Mouse Trapping procedures. Fortunately, I did an Alt Tab until I ran notepad and then killed all the process via the Windows Task Manager. Given this occurrence, I decided to take a look at a few things about MySpace and I should also warn you, NOT to try this. Here are a few issues which MySpace should immediately correct:
1. Run a search for "Porn" on the MySpace teen pages. I guarantee you that if you click on a few of the "Kids" pages, your system will be attacked if the slimmy advertising is running on the site which delivers the junk I noted above. In any event, Porn is easy to find. Please MySpace, spare me the PR dribble and or double talk. Filter and eliminate some key words on the members pages so others can't find them. This is childs play from a technical perspective. Your filter automatically STOPS the use of certain words and also eliminates them in current keyword descriptions. ELIMINATE ALL PORN from MySpace. Automate as much of this procedure as you can and hire more staff to eliminate Porn and ban these Porn purveyors for life.
2. MySpace, your not auditing your Advertisers creatives. It appears your giving them access to their creative stream so they insert banners which deliver Trojans and full page pops/mouse trapping which have no easy way to close. I'm darn sure that your advertisers were the source of my Saturday Hell. Think carefully, YOUR responsible. Hello? Get a clue? This normally spikes on a weekend when the slime bags understand that no one is watching. Also, your advertisers can even "broker" their slot on your site to other players whom you know nothing about. Get serious and police your advertisers 24/7/365.
3. Your SignUp page needs a serious transfusion and exhibit's a blatant and self serving disregard for privacy and security. Click here to open my screen capture in a new window. What's the problem? Your asking for confidential information but NOT using a "cert" as in "https". You have already prechecked the "Allow others to see when it's my birthday" That's an open invitation for ID Theft criminals, porn kings, child abusers, and other types of slime bags. Uncheck this option immediately.
4. Make it VERY EASY for your teen members and site visitors to report abuse to you and of course, act on these reports in a timely manner. NONE of your member pages have a hard coded "Report Abuse" link, located above the fold, on them. Get serious today and fix this.
Posted by Steve_S