CSS Image Replacement Being Used As Phishing Tool on MySpace?


Transparent images being used as a MySpace phishing tool.

SecurityFocus recently reported that the number of page views garnered by fraudulent sites climbed by a factor of five in March and April, fueled by a phishing scheme targeting MySpace users.

Nature of the Attack

According to the report:

The attack used a modification to the style sheet of a user’s profile to place a transparent image over the page, causing a click on a link — or anywhere else on the page — to redirect the visitor to a fake MySpace login page…

While a MySpace account does not have any intrinsic monetary value, phishers had come up with ways to monetize this attack… We observed hijacked accounts being used to spread bulletin board spam for some advertising revenue. -Colin Whittaker of Google’s Anti-Phishing Team

Lessons to be Learned

Injection flaws like this one (usually filed under XSS, although here the injected payload is a stylesheet and a link rather than script) are tricky. The flaw itself is on the server: MySpace accepted the user's stylesheet and served it to every visitor of that profile. The payload, however, runs in the visitor's browser, so once the server-side filter has been bypassed, MySpace's security is only as strong as the attention of its users.

I was saddened when I heard the news. CSS is supposed to provide presentation for Web pages, and I've used it that way since I learned its benefits: replacing text headers with images (the image replacement technique), or giving an otherwise plain DIV a background image. Placing a transparent PNG or GIF over a link so that the click goes somewhere else is simply misleading, and the bogus page on the other end does nothing but log the username and password typed into it.

The trick is not really image replacement. It is closer to the reverse: instead of replacing a link with an image, an invisible image wrapped in a link is positioned over the page, so a click on any real link, or anywhere else, lands on the attacker's link first. I consider it an abuse of CSS best practices.

How it is done is less mysterious than it first looks. MySpace, like other social networking sites, doesn't let you edit the page's XHTML template, but it does let you put CSS and a limited set of HTML (images and links among them) into profile fields for layout customization, which is what the report means by "a modification to the style sheet of a user's profile". Absolute positioning, a width and height that span the page and a high z-index are enough to float a transparent element above the site's own navigation; no script is needed. Regardless of how simple or complex these attacks are, plenty of people still fall for them.
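To make the technique concrete, here is an added example that is not part of the original post and not MySpace's own filter: a heuristic scan, in JavaScript (runs under Node with no dependencies), over user-supplied profile markup that flags an off-site link positioned to cover the page, whether the positioning comes from a rule in a style block in the profile or from an inline style attribute. The trusted host list, the size thresholds for "covers the page", the selector matching (tag, #id and .class only) and the sample profile markup are assumptions made for the example.

```javascript
// Added example; not code from the original post or from MySpace. Heuristic
// scan of user-supplied profile markup for an off-site link laid over the page.

const TRUSTED_HOSTS = ["myspace.com"]; // assumption: the site's own link hosts

// Exact host or true subdomain; a substring check would pass myspace.com.evil.net.
function isTrustedHost(hostname) {
  const h = hostname.toLowerCase();
  return TRUSTED_HOSTS.some((site) => h === site || h.endsWith("." + site));
}

// Relative links resolve on-site. Anything unparseable is treated as off-site.
function isOffsite(href) {
  try {
    const u = new URL(href, "http://www.myspace.com/");
    return !/^https?:$/.test(u.protocol) || !isTrustedHost(u.hostname);
  } catch {
    return true;
  }
}

// A declaration block that takes an element out of flow and sizes it to cover
// the page: 100%, 100vw/100vh, or at least 500px in both axes (assumed threshold).
const BIG = "(?:100%|100v[wh]|[5-9]\\d\\dpx|\\d{4,}px)";
const WIDE = new RegExp("(?:^|;)width:" + BIG);
const TALL = new RegExp("(?:^|;)height:" + BIG);
function isFullPageOverlay(decls) {
  const d = decls.toLowerCase().replace(/\s+/g, "");
  return /position:(absolute|fixed)/.test(d) && WIDE.test(d) && TALL.test(d);
}

// Value of one attribute out of a tag's attribute string (quoted or bare).
function attr(attrs, name) {
  const re = new RegExp("(?:^|\\s)" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = attrs.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : undefined;
}

// Selectors of every <style> rule whose declarations describe a full-page overlay.
function overlaySelectors(html) {
  const out = [];
  const styleRe = /<style\b[^>]*>([\s\S]*?)<\/style>/gi;
  for (let s; (s = styleRe.exec(html)) !== null; ) {
    const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
    for (let r; (r = ruleRe.exec(s[1])) !== null; ) {
      if (isFullPageOverlay(r[2])) out.push(...r[1].split(",").map((x) => x.trim()));
    }
  }
  return out;
}

// Does the last compound of a selector ("div > a.cover" -> "a.cover") target an
// element with this tag and these attributes? Tag, #id and .class only.
function selectorHits(selector, tag, attrs) {
  const compound = selector.split(/[\s>+~]+/).filter(Boolean).pop() || "";
  const wantTag = (compound.match(/^[a-z][\w-]*/i) || [""])[0].toLowerCase();
  const wantId = (compound.match(/#([\w-]+)/) || [])[1];
  const wantClasses = [...compound.matchAll(/\.([\w-]+)/g)].map((x) => x[1]);
  if (!wantTag && !wantId && wantClasses.length === 0) return false;
  if (wantTag && wantTag !== tag) return false;
  if (wantId && wantId !== attr(attrs, "id")) return false;
  const have = new Set((attr(attrs, "class") || "").split(/\s+/).filter(Boolean));
  return wantClasses.every((c) => have.has(c));
}

// One finding per off-site link that is, or wraps an image that is, positioned
// to cover the page, whether by inline style or by a <style> rule.
function scanProfileMarkup(html) {
  const selectors = overlaySelectors(html);
  const findings = [];
  const aRe = /<a\b([^>]*)>([\s\S]*?)<\/a>/gi;
  for (let m; (m = aRe.exec(html)) !== null; ) {
    const [, aAttrs, inner] = m;
    const href = attr(aAttrs, "href");
    if (!href || !isOffsite(href)) continue;
    const parts = [["a", aAttrs]];
    const imgRe = /<img\b([^>]*)>/gi;
    for (let im; (im = imgRe.exec(inner)) !== null; ) parts.push(["img", im[1]]);
    for (const [tag, attrs] of parts) {
      const viaRule = selectors.some((sel) => selectorHits(sel, tag, attrs));
      if (viaRule || isFullPageOverlay(attr(attrs, "style") || "")) {
        findings.push({ href, element: tag, reason: viaRule ? "stylesheet rule" : "inline style" });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample profile: the stylesheet stretches one link across the page
// and that link wraps an off-site transparent GIF; the other links are benign.
const SAMPLE_PROFILE = `
<style>
  .hdr { background: url(http://cdn.example.net/banner.png) no-repeat; }
  a.cover { position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 9999; }
</style>
<div class="hdr">About me</div>
<a class="cover" href="http://www.myspace.com.login-example.net/index.cfm"><img src="http://cdn.example.net/clear.gif" alt=""></a>
<a href="http://example.net/band">my band's site</a>
<a href="/friends">my friends</a>
`;

console.log(JSON.stringify(scanProfileMarkup(SAMPLE_PROFILE), null, 2));
```

Run with node; on the sample it reports one finding, the a.cover link, attributed to the stylesheet rule. The design choice worth noting is that neither condition alone is flagged: an off-site link is ordinary on a profile, and a full-page layer pointing at the site itself is harmless, so the filter only fires on the combination the attack needs.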

MySpace's user base is currently more than 40 million strong, so it is no surprise that so many dirty tips and tricks for it have been published. With regard to these phishing schemes, extra caution is strongly advised when browsing the MySpace network. Here are a few tips I recommend:

  • If your Web browser isn't up to date, UPDATE it!
  • Display the address bar and the status bar of your Web browser. Opera doesn't display the status bar by default.
  • Don't go on a clicking spree when browsing MySpace. Slow down and use extra caution.
  • Instead of immediately clicking on a link in MySpace, hover over it for a moment and check that the address shown in the status bar is still on a genuine MySpace domain. When a transparent layer is sitting over the page, the status bar shows that layer's target rather than the link you think you are pointing at, which is exactly what gives the trick away.
  • If you've already clicked, check the address bar and make sure the domain is a genuine MySpace domain.
  • A genuine MySpace domain is spelled myspace, not mysp4ce, my5pace, or my5p4c3. The name also has to be the last part of the host: myspace.com.example.net is not MySpace.
  • If you're asked for your login credentials again when you were already logged in, check the address before typing anything. If it isn't a genuine MySpace domain, leave the page right away.
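The domain checks in the tips above, done the way a link checker would do them rather than by eye, as an added example in JavaScript (runs under Node) that is not code from the original post. The list of genuine hosts, the digit-for-letter table and the sample links are assumptions; the example goes a little beyond the tips by also catching the brand name placed in front of an @ sign and plain IP-address hosts, both of which a hurried reader of the status bar tends to miss.

```javascript
// Added example; not code from the original post. Classifies a link the way
// the tips suggest checking it: genuine host, lookalike, or plainly elsewhere.

const TRUSTED_HOSTS = ["myspace.com"]; // assumption: the site's genuine domains

// Exact match or a true subdomain (dot boundary), never a substring match,
// so "www.myspace.com.example.net" fails here.
function isTrustedHost(hostname) {
  const h = hostname.toLowerCase();
  return TRUSTED_HOSTS.some((site) => h === site || h.endsWith("." + site));
}

// Undo digit-for-letter substitutions (mysp4ce, my5p4c3) and drop punctuation
// so "my-space" and "my.space" collapse to "myspace" as well.
const LEET = { 4: "a", 3: "e", 1: "i", 0: "o", 5: "s", 7: "t" };
function normalizeLabel(s) {
  return s.toLowerCase().replace(/[431057]/g, (c) => LEET[c]).replace(/[^a-z]/g, "");
}

// Verdict for one link: ok (genuine host), lookalike (brand name used to
// mislead), offsite (plainly somewhere else) or unparseable.
function classifyLink(href) {
  let u;
  try {
    u = new URL(href);
  } catch {
    return { verdict: "unparseable", host: null, why: "not an absolute URL" };
  }
  const host = u.hostname.toLowerCase();
  if (!/^https?:$/.test(u.protocol)) {
    return { verdict: "offsite", host, why: "scheme " + u.protocol + " is not http(s)" };
  }
  if (isTrustedHost(host)) return { verdict: "ok", host, why: "genuine host" };
  // http://www.myspace.com@example.net/ : everything before the @ is a
  // username; the real host is example.net.
  if (u.username || u.password) {
    return { verdict: "lookalike", host, why: "user info before @ hides the real host" };
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return { verdict: "offsite", host, why: "numeric IP address" };
  }
  const brand = normalizeLabel(TRUSTED_HOSTS[0].split(".")[0]); // "myspace"
  if (normalizeLabel(host).includes(brand)) {
    return { verdict: "lookalike", host, why: "brand name inside an untrusted host" };
  }
  return { verdict: "offsite", host, why: "unrelated host" };
}

// Constructed sample links: the kind of thing a status bar or address bar shows.
const SAMPLE_LINKS = [
  "http://www.myspace.com/",
  "http://profile.myspace.com/index.cfm?fuseaction=user",
  "http://www.myspace.com.login-example.net/index.cfm",
  "http://mysp4ce.com/login",
  "http://my5p4c3.com/",
  "http://www.myspace.com@example.net/",
  "http://192.0.2.10/login",
  "http://example.net/band",
];

for (const link of SAMPLE_LINKS) {
  const r = classifyLink(link);
  console.log(r.verdict.padEnd(11), link, "(" + r.why + ")");
}
```

The order of the checks matters: the genuine-host test runs first and is a suffix match on a dot boundary, so the brand-name heuristic is only consulted for hosts that have already failed it, and cannot turn a real profile.myspace.com link into a false alarm.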

As you may have noticed, extra caution has been added to the common-sense formula to give the fortress some extra strength. It may take a while for MySpace to consider using SSL on its login page, and even SSL would not stop this particular attack on its own, since the victim is never sent to the real login page; it only helps if you check that the padlock and the certificate belong to myspace.com. So while waiting, don't be the weak link in the MySpace security chain. Exercise caution for a more secure surfing experience.

25 Responses to “CSS Image Replacement Being Used As Phishing Tool on MySpace?”

  1. Tommy Chieng Says:

    This happens on Friendster too.
    I was fooled into logging in again when I clicked on an image (photo) on my friend’s profile.
    As I know HTML, I quickly looked at the source of the page and found out that the login was submitted to an external website instead of Friendster’s. I changed my password immediately after that.

    Must be extra careful.

  2. Gabriel Says:

    Hello Tommy,

    Oh, I didn’t know that. We do need to be extra careful because of these recent developments. Good for you. Basic knowledge of HTML helps a lot in these situations.

  3. layouts myspace Says:

    Many people log in to website pages without checking in the address bar what they are doing, and enter their private details on any website. They should keep an eye on the address bar :D

  4. Pink Myspace Layouts Says:

    Another good tip to add to your list is never to click on a link in an email if possible. Always manually type in the address if you can; this way your chances of getting your personal password stolen by a phishing site will be drastically reduced. I have a lot of friends who had their eBay and/or PayPal username and password stolen by visiting links through email, so DO NOT do this.

  5. friend adder Says:

    I had someone steal one of my accounts when my business partner logged into one of these sites. As you stated, if it doesn’t say myspace.com in the browser, don’t click on it.

  6. AllThatBlog.com Says:

    Hey everybody, I created a safe, fun website for cool glitter graphics that can be used on your MySpace profile. Get yours today! :)

  7. how to play guitar Says:

    This is very informative. I was once a victim of phishing on MySpace: I was brought back to the login page after clicking one of my friend’s profile pictures, and I soon found out that someone was using my account by sending these endorsements and using them as comments to all my friends!

    I was surprised because I wasn’t even online the whole week when that incident happened!
    Now I am more aware of what’s happening and more careful when I try to log in.

    Well, I agree that we should be extra careful when browsing MySpace and try to read the important stuff so that our accounts won’t end up being used by someone else, just for their profit.

    Very informative indeed! =p

  8. Myspace Backgrounds Says:

    Hey check this cool site out.

  9. Shopping Cart Software Says:

    I think you must also update your firewall.

  10. Monex Fraud Says:

    I guess no site is safe to surf anymore. This is where Firefox is very helpful in identifying bad sites. But MySpace? Even that’s not safe?

  11. marketing on myspace Says:

    This has been happening a lot. I had to change my MySpace account because my account was spamming people’s bulletins and comments.

  12. sohbet Says:

    I guess no site is safe to surf anymore. This is where Firefox is very helpful in identifying .

  13. mirc Says:

    thank you

  14. Power Tool Says:

    A firewall is essential.

  15. Clean Red Widgets Says:

    If you are using a recent version of Firefox as your web browser, it will warn you when you are on a suspected phishing site. There is lots of anti-virus software that does the same thing too... as stated above, look at the URL, and if it looks phishy, then it more than likely is :)

  16. Frontpage Templates Says:

    If you haven’t updated Firefox from version 2 to version 3, you’ll want to do so. They aren’t publishing any more security updates for the version 2 Firefox browser as of Dec-08, so get version 3 asap!

  17. Pontoon Boats Says:

    Almost all of my friends have fallen victim to the MySpace phishing. I know because the spam bot is posting crazy bulletins. Just use the newest version of Firefox and you should be safe.

  18. payday loans Says:

    CSS is supposed to provide presentation to Web pages. I’ve been using CSS since I learned of its benefits, but I guess no site is safe to surf anymore.

  19. payday loans Says:

    Thanks for listing these lessons learned.

  20. St. George golf community Says:

    Wow. I’m surprised that someone could bypass all those encoding barriers and actually do that. Luckily I got rid of my MySpace a long time ago. That was excellent advice on checking the HTML... I’ll be more careful about opting in to any irregularities.

  21. St. George golf community Says:

    I haven’t ever come across any MySpace scams quite like this... that is amazing that someone is smart enough (or ignorant enough) to bypass all the CSS and phishing barriers and do that. I’ll be more careful checking the domain names... thanks!

  22. commodity broker Says:

    There’s new software out that tells you when you are getting scammed on MySpace; it’s available through Firefox.

  23. Cash Advance Online Says:

    i think myspace rocks.

  24. jayy Says:

    This is a great site; the article has been very, very helpful and I would recommend it. Some good points have been made here; this is what blogging should be about.

  25. Bill Says:

    Hey guys, I just found a great new site where you can download free music and even add it to your MySpace or other webpages! Check it out.