[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool

To: Debasis Mohanty <mail@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
From: Xavier <compromise@xxxxxxxxx>
Date: Fri, 6 Jan 2006 14:59:48 -0500

Debasis,

it looks like the 'bot' simply automates the process in which friends
are invited, or at least thats what the FAQ seems to make one think:

"Q: Picture varification code comes up while adding friends
why?
A: One of Myspace's new security features.  It pops up
every once in a while, just punch the numbers in and the
program is good to keep going."

if this bot indeed exploited some sort of XSS hole, and propagated, or
used some sort of attack technique to automatically invite users
without acceptance of the target user -- then that'd be interesting to
dissect. however I do not think that is the case:

"Q: It stoped adding friends. What happened?
A: MySpace.com has limits in their site where you can only
add so many at a time. Try to stay under 450 per day and
you sould be fine."

as for that 'virtually invisible' part, now I'd like to know what the
author of that site meant by that -- unless a second account is
created to send the invites from, and within the invites themselves
contained the real user seeking friends. *shrug*

-- Xavier.

On 1/6/06, Debasis Mohanty <mail@xxxxxxxxxxxxxxxxxx> wrote:
>
>
>
> Although I am not much familiar  with myspace and have never used it but the 
> samy's outbreak was really  interesting and dragged my attention a little 
> towards such worms.
>
>
>
> It seems 'samy' is not alone in  this field and there are couple of bots 
> seems to be still exploiting myspace. http://myfriendadder.com/index.html
>
> The interesting part is this  particular bot claim to make the attacker's 
> login ID invisible to the admins -
>
>
>
> http://myfriendadder.com/faq.html
>
> <snip>
>
> Q: Can I be banned by using this  program?
> A: This version of the program makes you  invisible to
> myspace.com admins making you  'virtually unbannable'.
>
> </snip>
>
>
>
> A myspace friend adder bot project  bid can seen here
>
> http://www.getafreelancer.com/projects/Visual-Basic/MySpace-Friend-Adding-Bot.html
>
>
>
> A quick googling  result
>
> http://www.google.co.in/search?q=myspace+bot&btnG=Search&hl=en
>
>
>
>
>
> - Debasis
>
>
>  ________________________________

> From: myspace technical  group [mailto:support@xxxxxxxxxxx]
> Sent: Friday, January 06, 2006  1:33 AM
> To: mail@xxxxxxxxxxxxxxxxxx
> Subject: myspace - add  hundreds of friends instantly and automatically with 
> this awesome  tool
>
>
>  This message  was brought to you from your subscription to myspace
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
  - From: Debasis Mohanty

References:
- [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
  - From: Debasis Mohanty

Prev by Date: RE: RE[Full-disclosure] WMF Risk Analysis for Win9X anyone ?
Next by Date: [Full-disclosure] Re: what we REALLY learned from WMF
Previous by thread: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
Next by thread: RE: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
Index(es):
- Date
- Thread