New MySpace Phish using CSS

This afternoon we discovered another attack on Myspace. MySpace users receive a message in their profile from someone called "Arnelle" with the following text: "this chick is using like almost all of ur pix and part of ur profile.. people have no lives, i swear. heres the URL if u want to check it out"

Followed by a link to their Myspace page. The page itself is hosted within the domain and is a users profile page. Upon accessing the site the user is presented with their login credentials.

A couple things to note here. The code writer took special note to change the authentication picture to show that it says, “” instead of “” as it normally should. One mistake the code writer made was that he did not create a password field which hides the password while the end user types it in. Websense® - Blog: New MySpace Phish using CSS.

Linked by shanmuga Monday, 15th January 2007 11:50PM