Friendster Spam

Posted Friday, July 21st, 2006 12:39 am by J. Angelo Racoma
Viewed 12328 times | Related entries: Security, The Internet

I’m not much of a Friendster fan, especially since I’ve had my share of viewing sucky and crappy profile page layouts. In my list of web apps with the highest propensity for abuse in terms of design/layout, Friendster’s up there at number two, just below MySpace.

But I do use it occasionally to stalk network with friends and acquaintances. Lately, I’ve been seeing this message being posted repeatedly by some of my contacts on the bulletin boards:

Date:
Tuesday, 18 July, 2006 4:31 PM

Subject:
boob flashing of famous mestiza model in embassy last sat

Message:
Fresh pix from the said incident last saturday at embassy bar is finally out. This famous mestiza commercial model and product endorser was doing it all for the camera, last sat night at embassy bar. Based on the sources this mestiza chic was apparently drunk and wasted at that incident, making her careless.. and bra-less if I may say… For sure you know this famous mestiza model. Almost 20 pix of the said incident are posted on this friendster link, check it out before they pull those naughty & mestizalicious pix out. check it out at www.friendster.com/embassyvip

So the perv curious person in me tried to check out this profile page linked at the bottom of the bulletin board entry, but it’s apparently been suspended. I did some research and guess what? The bulletin board posting seemed to be some form of spam used to hook unsuspecting users into viewing the page and re-posting the spam using their own accounts.

Had the profile page been active, it would’ve re-posted the same spam message on my bulletin board for all my friends to see.

From Action Online,

Upon clicking on the link, I am not really sure what is happening right after I clicked it, but it looks like an HTML table tag or a big div tag box that has a high z-index trying to go over the whole page hiding what is happening. A black box loads up and displays the following text which are loaded images that reads:

please wait… photos still loading (don’t click on anything until all photos have loaded)

Then after waiting, the page then forwards back to the bulletin board and has already posted on the bulletin board using your Friendster account.

Complaining Never Gets Old (blogspot site is down; Google cache here) lists what actually happens when one opens the profile page:

1) sends a smile to friendster user id: 9613366 (from you of course)

2) sends a request to the user named: jhay-jhay gutilban (consistent with the user id mentioned above) to be added as his/her friend

3) reposts the thing on your bulletin board with the link. (i.e. someone who posts once — hmm okay, okay curiosity maybe ..but someone on your list posting more than once, REALLY wanted to see those pics!… tsk tsk… the pervs are giving themselves away :P )

I recently checked out jhay-jhay’s profile page and guess what, the shout-out says stop bugging me, please. I guess she was getting a lot of friend requests and smiles! (Popular, eh?)

AO’s Benj Arriola checked out the script used to facilitate the spamming and traced its origin to www.markyctrigger.com, which I think was just used as a tool to run other scripts, and not the culprit itself (or was it?).

At any rate, this tool, and others like it, usually used to create yet more crappy profile pages, should be considered a security risk by Friendster.
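
An added example, not code from the original post or from Friendster: a small audit that a site could run over user-supplied profile markup to flag the constructs described above (script brought into the page, and a positioned box with a high z-index covering it). The sample markup, the `.example` hosts, the finding labels and the z-index threshold are constructed assumptions.

```python
import re
from html.parser import HTMLParser

Z_INDEX_LIMIT = 100  # assumed threshold; tune it to the site's own layout

class ProfileAudit(HTMLParser):
    """Collects (line, kind, detail) findings for user-supplied profile markup."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append((line, "active-content", tag))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):  # onload, onclick, onmouseover, ...
                self.findings.append((line, "event-handler", name))
            elif name in ("href", "src", "action") and re.match(
                    r"(?i)[\s\x00-\x1f]*javascript:", value):
                self.findings.append((line, "script-url", name))
            elif name == "style" and self._is_overlay(value):
                self.findings.append((line, "overlay", tag))

    @staticmethod
    def _is_overlay(style):
        # Inline style only: a positioned box stacked above the page content.
        decl = {}
        for part in style.lower().split(";"):
            key, sep, val = part.partition(":")
            if sep:
                decl[key.strip()] = val.strip()
        z = re.match(r"-?\d+", decl.get("z-index", ""))
        positioned = decl.get("position") in ("absolute", "fixed")
        return bool(positioned and z and int(z.group()) > Z_INDEX_LIMIT)

def audit_profile(markup):
    parser = ProfileAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings

# Constructed sample profile markup (harmless placeholders, not the real page).
SAMPLE = """<p>About me: I like music.</p>
<div style="position:absolute; top:0; left:0; width:100%; height:100%; z-index:9999; background:#000">
  <img src="http://images.example/loading.gif" onload="void 0">
</div>
<script src="http://layout-tool.example/profile.js"></script>
<a href="JavaScript:void(0)">more photos</a>
<div style="position:relative; z-index:2">normal layout box</div>"""

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

The audit only inspects tags and inline attributes; rules placed in a `<style>` block would need a CSS parser on top of this.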

Lesson learned: stop being a perv.

9 Responses to “Friendster Spam ”


  1. Mike Abundo » July 21st, 2006 01:23

    Virus 2.0. MySpace had ‘em first.

  2. J. Angelo Racoma » July 21st, 2006 01:41

    Mmm. MySpace.

  3. Mike Abundo » July 21st, 2006 02:33

    Mmm indeed. ;)

  4. banksxs » July 21st, 2006 06:58

    In my case, I never clicked on the link at the end of the bulletin post. I actually checked out the Embassy’s profile page, and voila! Hello post-that-came-out-of-nowhere.

  5. banksxs » July 21st, 2006 07:00

    ..

    Good thing you can still delete it though.

  6. Twttr: Social Networking via Cellphone - Cell Phones Blog » July 21st, 2006 11:30

    [...] I thought I’ve seen it all when it comes to social networking, from ugly profile layouts to malware-laden profile pages. Never mind that MySpace is apparently the most popular web app today (number one in terms of sending traffic to Google), and that probably no other site can surpass it in terms of user-base (and notoriety). Here’s yet another social networking web app, and this time, it’s trying to penetrate a mobile userbase. [...]

  7. @cheeseter@ » Blog Archive » Friendster turning into a Monster? » July 21st, 2006 20:47

    [...] Alas, Friendster gave in to high demand of crappy and irritating profiles. Let us admit it, we are not all good profile designers. Worse, is by allowing scripts, friendster is now vulnerable from attention freaks who are harassing innocent perverts. [...]

  8. action online markyctrigger speaks up about the Friendster Embassy VIP Boob Flash Bulletin Worm » July 29th, 2006 12:34

    [...] I was first IM’d by Ms. Sharon Dela Cruz of Informatics Computer Institute at Commonwealth ave., Quezon City, Philippines, who was my co-teacher at the same school 3 years ago. And told me she read my post and told me that Mark Loreto, her student at the school felt bad about my post and what I wrote since it seemed that the website markyctrigger.com seemed to be the culprit of the Friendster Embassy VIP boob flash Friendster worm. I was quoted in the PinoyTechBlog, by J. Angelo Racoma about the same topic and he then mentioned this: AO’s Benj Arriola checked out the script used to facilitate the spamming and traced its origin to http://www.markyctrigger.com, which I think was just used as a tool to run other scripts, and not the culprit itself (or was it?). [...]

  9. harharhar » January 4th, 2007 21:57

    How does that Friendster spam work??? Can anyone teach me?!?!
