It appears as if the social network king is under attack from within. Phishers, best known for harvesting your ID for financial gain, found yet another way to dupe users into revealing their login ID–and this time without “leaving” MySpace’s domain.
(Netcraft News) Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France. [...]
Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims.
The Phishers of men (and women) created a “specially-crafted HTML” page on their profile which basically made it appear that a user had to re-login to MySpace, giving up your goodies to those with less than honest motives.
MySpace has since then taken down the page, but has not (to my knowledge) released a briefing regarding this attack. Millions of teenagers and adults use MySpace for personal and business reasons, but hopefully next time they visit their friends profile they will be more careful where they click.