MySpace is truly the worst website on the Internet. I noticed spam bulletins coming from one of my friend’s accounts today. I went to her page to send her a message to let her know, and lo and behold, I got redirected to this page:
http://login.myspace.cfm.fuseaction.splash.mytoken.76701a26.da3e.44a3a17b.794380e6.com/da3e/index.php
See the screenshot. It’s designed to look like a MySpace login page, and it almost fooled me. The giveaway is the URL: it’s not http://www.myspace.com/; it’s http://www.myspace.<blah blah blah>.com/. It’s what’s between the http:// and the next / that’s important — that isn’t a MySpace site!
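The host check described above, written out as an added example (not part of the original post). It compares a look-for-the-brand test with a test on the end of the host name. Apart from the two URLs quoted in the post, the sample URLs are constructed, and `phish.example` is a placeholder host.

```python
from urllib.parse import urlsplit

# The fake login URL quoted in the post.
PHISH = ("http://login.myspace.cfm.fuseaction.splash.mytoken."
         "76701a26.da3e.44a3a17b.794380e6.com/da3e/index.php")

def host_of(url):
    """Host part of a URL: what sits between '//' and the next '/',
    with any 'user@' prefix, port and trailing dot removed, lower-cased."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()

def naive_check(url, brand="myspace"):
    """Weak test: the brand name appears somewhere in the host."""
    return brand in host_of(url)

def belongs_to(url, domain="myspace.com"):
    """Strict test: http(s) URL whose host is the domain or a subdomain of it.
    A host name is read right to left, so only its ending decides the owner."""
    if urlsplit(url).scheme not in ("http", "https"):
        return False
    host = host_of(url)
    return host == domain or host.endswith("." + domain)

# Constructed sample URLs, except PHISH and the redirector named in the post.
SAMPLES = [
    "http://www.myspace.com/",
    "HTTP://WWW.MySpace.COM:80/index.cfm",
    "http://www.myspace.com./",                    # trailing dot, same host
    PHISH,
    "http://www.6064b195.com/",                    # redirector from the post
    "http://www.myspace.com@phish.example/login",  # 'user@' trick
    "http://myspace.com.phish.example/",           # brand used as a subdomain
    "http://notmyspace.com/",                      # suffix without the dot
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"naive={naive_check(url)!s:5} strict={belongs_to(url)!s:5} "
              f"host={host_of(url)}")
```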
Obviously, my friend’s account has been seriously compromised. Several buttons (send message, view pics, etc.) have been changed, and now redirect to the website http://www.6064b195.com/, which then redirects to the fake login page.
This is the fundamental problem with MySpace: it’s so easy to abuse because it allows users — or hijackers — to insert pretty much any code (JavaScript, HTML, CSS, etc.) they wish.
Update 4-19-2007: My friend was able to correct the problem by:
- Changing her password;
- Deleting all customizations from her page, since this is where the hijacker/phisher inserted his malicious code.
Yep! That’ll pretty much do it. But allowing the code entry is what makes it so popular. Not all sites are so cookie-cutter; you have more freedom to change the look and feel. Like a sword, you need to learn how to use it and be cautious when using it.