|
Full Disclosure
mailing list archives
RE: FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 7 Jan 2006 01:42:19 +0530
Xavier,
You wrote:
as for that 'virtually invisible' part, now I'd like to know what the
author of that site meant by that
Yeah !! the 'virtually invisible' part in the faq is bit intriguing... This
is perhaps just for a FUD..
- D
-----Original Message-----
From: Xavier [mailto:compromise () gmail com]
Sent: Saturday, January 07, 2006 1:30 AM
To: Debasis Mohanty
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] FW: myspace - add hundreds of friends
instantly and automatically with this awesome tool
Debasis,
it looks like the 'bot' simply automates the process in which friends are
invited, or at least thats what the FAQ seems to make one think:
"Q: Picture varification code comes up while adding friends why?
A: One of Myspace's new security features. It pops up every once in a
while, just punch the numbers in and the program is good to keep going."
if this bot indeed exploited some sort of XSS hole, and propagated, or used
some sort of attack technique to automatically invite users without
acceptance of the target user -- then that'd be interesting to dissect.
however I do not think that is the case:
"Q: It stoped adding friends. What happened?
A: MySpace.com has limits in their site where you can only add so many at a
time. Try to stay under 450 per day and you sould be fine."
as for that 'virtually invisible' part, now I'd like to know what the author
of that site meant by that -- unless a second account is created to send the
invites from, and within the invites themselves contained the real user
seeking friends. *shrug*
-- Xavier.
On 1/6/06, Debasis Mohanty <mail () hackingspirits com> wrote:
Although I am not much familiar with myspace and have never used it but
the samy's outbreak was really interesting and dragged my attention a
little towards such worms.
It seems 'samy' is not alone in this field and there are couple of
bots seems to be still exploiting myspace.
http://myfriendadder.com/index.html
The interesting part is this particular bot claim to make the
attacker's login ID invisible to the admins -
http://myfriendadder.com/faq.html
<snip>
Q: Can I be banned by using this program?
A: This version of the program makes you invisible to myspace.com
admins making you 'virtually unbannable'.
</snip>
A myspace friend adder bot project bid can seen here
http://www.getafreelancer.com/projects/Visual-Basic/MySpace-Friend-Add
ing-Bot.html
A quick googling result
http://www.google.co.in/search?q=myspace+bot&btnG=Search&hl=en
- Debasis
________________________________
From: myspace technical group [mailto:support () myspace com]
Sent: Friday, January 06, 2006 1:33 AM
To: mail () hackingspirits com
Subject: myspace - add hundreds of friends instantly and
automatically with this awesome tool
This message was brought to you from your subscription to myspace
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
