[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] FW: myspace - add hundreds of friends instantly and automatically with this awesome tool

Xavier,  

>> You wrote: 
>> as for that 'virtually invisible' part, now I'd like to know what the
author of that site meant by that 

Yeah !! the 'virtually invisible' part in the faq is bit intriguing... This
is perhaps just for a FUD..  

- D

-----Original Message-----
From: Xavier [mailto:compromise@xxxxxxxxx] 
Sent: Saturday, January 07, 2006 1:30 AM
To: Debasis Mohanty
Cc: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] FW: myspace - add hundreds of friends
instantly and automatically with this awesome tool

Debasis,

it looks like the 'bot' simply automates the process in which friends are
invited, or at least thats what the FAQ seems to make one think:

"Q: Picture varification code comes up while adding friends why?
A: One of Myspace's new security features.  It pops up every once in a
while, just punch the numbers in and the program is good to keep going."

if this bot indeed exploited some sort of XSS hole, and propagated, or used
some sort of attack technique to automatically invite users without
acceptance of the target user -- then that'd be interesting to dissect.
however I do not think that is the case:

"Q: It stoped adding friends. What happened?
A: MySpace.com has limits in their site where you can only add so many at a
time. Try to stay under 450 per day and you sould be fine."

as for that 'virtually invisible' part, now I'd like to know what the author
of that site meant by that -- unless a second account is created to send the
invites from, and within the invites themselves contained the real user
seeking friends. *shrug*

-- Xavier.


On 1/6/06, Debasis Mohanty <mail@xxxxxxxxxxxxxxxxxx> wrote:
>
>
>
> Although I am not much familiar  with myspace and have never used it but
the samy's outbreak was really  interesting and dragged my attention a
little towards such worms.
>
>
>
> It seems 'samy' is not alone in  this field and there are couple of 
> bots seems to be still exploiting myspace. 
> http://myfriendadder.com/index.html
>
> The interesting part is this  particular bot claim to make the 
> attacker's login ID invisible to the admins -
>
>
>
> http://myfriendadder.com/faq.html
>
> <snip>
>
> Q: Can I be banned by using this  program?
> A: This version of the program makes you  invisible to myspace.com 
> admins making you  'virtually unbannable'.
>
> </snip>
>
>
>
> A myspace friend adder bot project  bid can seen here
>
> http://www.getafreelancer.com/projects/Visual-Basic/MySpace-Friend-Add
> ing-Bot.html
>
>
>
> A quick googling  result
>
> http://www.google.co.in/search?q=myspace+bot&btnG=Search&hl=en
>
>
>
>
>
> - Debasis
>
>
>  ________________________________

> From: myspace technical  group [mailto:support@xxxxxxxxxxx]
> Sent: Friday, January 06, 2006  1:33 AM
> To: mail@xxxxxxxxxxxxxxxxxx
> Subject: myspace - add  hundreds of friends instantly and 
> automatically with this awesome  tool
>
>
>  This message  was brought to you from your subscription to myspace 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/