Friendster Exploit Explained

I’ve never plan my trip down to a cyber cafe this weekend, but I guess I needed to download some of my work down the net. As usual, I would do my daily internet routine. Upon checking my Friendster account, there were a lot of people posting that they have updated their profile but the strange thing is that these were posted in the bulletien board. Scrolling down, some other user pointed out that there were a profile that was spreading this so call “virus”. Hmm, anomalies, interesting…

After a 5 minutes investigation, I’ve found out that it was a profile that was running an script exploit. Users that visted the profile would be redirected to another fake Friendster log in site, which was hosted at a free hosting site, 65gb.com. Thinking that you might have some computer glitch or you have just logged out unintentionally, you will have to “login in” again but the account info is to be transferred to another script that would automatically repost a message at the bulletien board, perpetrating that you have updated your photo ablum. Neat.

Though I might say that the person who did this was just a script kiddie, none the less, at least he had put in some effort in detail. I, for one, would have been tricked if I had not notice that the Friendster had “moved” to a free hosting site.

Brings me back to the days of social engineering hacking.

PS: Reported to both sites about the abuse. Exploit started around 4.17pm 16th June 2007.

Advertisements

2 Responses

  1. The hack is exploited on myspace.
    when a user clicks REPLY the fake login page comes up

  2. so does anyone have the script for this fakey ? ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: