Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: FW: myspace - add hundreds of friends instantly and automatically with this awesome tool
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 7 Jan 2006 01:42:19 +0530

Xavier,  

You wrote: 
as for that 'virtually invisible' part, now I'd like to know what the
author of that site meant by that 

Yeah !! the 'virtually invisible' part in the faq is bit intriguing... This
is perhaps just for a FUD..  

- D

-----Original Message-----
From: Xavier [mailto:compromise () gmail com] 
Sent: Saturday, January 07, 2006 1:30 AM
To: Debasis Mohanty
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] FW: myspace - add hundreds of friends
instantly and automatically with this awesome tool

Debasis,

it looks like the 'bot' simply automates the process in which friends are
invited, or at least thats what the FAQ seems to make one think:

"Q: Picture varification code comes up while adding friends why?
A: One of Myspace's new security features.  It pops up every once in a
while, just punch the numbers in and the program is good to keep going."

if this bot indeed exploited some sort of XSS hole, and propagated, or used
some sort of attack technique to automatically invite users without
acceptance of the target user -- then that'd be interesting to dissect.
however I do not think that is the case:

"Q: It stoped adding friends. What happened?
A: MySpace.com has limits in their site where you can only add so many at a
time. Try to stay under 450 per day and you sould be fine."

as for that 'virtually invisible' part, now I'd like to know what the author
of that site meant by that -- unless a second account is created to send the
invites from, and within the invites themselves contained the real user
seeking friends. *shrug*

-- Xavier.


On 1/6/06, Debasis Mohanty <mail () hackingspirits com> wrote:



Although I am not much familiar  with myspace and have never used it but
the samy's outbreak was really  interesting and dragged my attention a
little towards such worms.



It seems 'samy' is not alone in  this field and there are couple of 
bots seems to be still exploiting myspace. 
http://myfriendadder.com/index.html

The interesting part is this  particular bot claim to make the 
attacker's login ID invisible to the admins -



http://myfriendadder.com/faq.html

<snip>

Q: Can I be banned by using this  program?
A: This version of the program makes you  invisible to myspace.com 
admins making you  'virtually unbannable'.

</snip>



A myspace friend adder bot project  bid can seen here

http://www.getafreelancer.com/projects/Visual-Basic/MySpace-Friend-Add
ing-Bot.html



A quick googling  result

http://www.google.co.in/search?q=myspace+bot&btnG=Search&hl=en





- Debasis


 ________________________________

From: myspace technical  group [mailto:support () myspace com]
Sent: Friday, January 06, 2006  1:33 AM
To: mail () hackingspirits com
Subject: myspace - add  hundreds of friends instantly and 
automatically with this awesome  tool


 This message  was brought to you from your subscription to myspace 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]