« Penis enlargement on Myspace
How your Myspace got hacked »

Notifying spamming profiles

About a day ago I started notifying people when I saw their profiles spamming on Myspace. So far I’ve had almost 100% reply rate with thanks from those I’ve sent messages to. Here’s what I tell them:

Subject: Runaway comments

Hi,

I found a comment “from you” on so and so’s profile. Have a look. I know you didn’t write it… Bottom line: The bad guys have the password for your profile. You need to change your password. How much damage control you do is up to you of course. Some send out a bulletin making excuses and ask others not to sign up for the trackers you find ads for in the comments section. And to not install the ProfileWatcher software. Or not to log in to myspace after receiving some e-mail with some ruse to get you to log in after following a link from that e-mail.

The spam comments are usually found on profiles belonging to famous people. Typically those with many thousand friends, who get more than ten comments per day. Some have even disabled HTML in comments, to make the impact felt less when spammy comments don’t get removed.

What I SHOULD do of course, after I get the thank you note, is to follow up with a friend request ;-)

And from now on I’ll add these links, telling the profile owner to check it out if they installed ProfileWatcher:

Vitalsecurity on ProfileWatcher 1.0, Vitalsecurity on ProfileWatcher 2.0

This entry was posted on Thursday, March 15th, 2007 at 2:10 pm and is filed under Social networking spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “Notifying spamming profiles”

  1. Joe Says:
    March 15th, 2007 at 9:56 pm

    If this is like the problem Flickr was having recently the stolen passwords were due to spyware on the victim’s computer. So changing their password before they clean their system won’t do any good.

  2. admin Says:
    March 16th, 2007 at 2:02 pm

    There are different reasons for the problems these people are having. Some have installed ProfileWatcher, some have signed up for a tracker, and some have gotten a fake e-mail.

    I haven’t tested the ProfileWatcher software, but from what I saw on Vitalsecurity, it looks as though it doesn’t spy on your system realtime. Looks as though it produces popups for you to log in. If that’s how it works, then changing your password might be enough.

    One of the people I e-mailed said they’d deleted his page. It DOES look rather bare at the moment.

  3. Neil Schwartzman Says:
    March 16th, 2007 at 3:00 pm

    The scam is a simple one - phish Myspace users. Find some with a lot of friends. Plop some spyware up, everyone who visits gets infected. Weee!

Leave a Reply