Rapid growth of MySpace carries risk
By Gary Gentile
Associated Press
LOS ANGELES — MySpace devotee Kary Rogers was expecting to see a gut-busting video when a friend from the popular online hangout messaged him a link.
First, though, he was directed to a page where he was supposed to re-enter his password. Rogers realized that someone was trying to steal his information, and he didn't take the bait. At best, he would be spammed with junk e-mails; worse, the Web thief might steal his real-life identity.
"I immediately went back and changed my password," said Rogers, 29, a network analyst for Mississippi State University in Starkville, Miss.
MySpace bills itself as a "place for friends." Increasingly, it is also a place for unfriendly attacks from digital miscreants on the prowl, luring users to sexually explicit Web sites, clogging mailboxes with spam messages and playing on the trust users have when speaking to "friends" to obtain passwords that could lead to identity theft.
Managing the risks that come with rapid growth is an enormous challenge for MySpace, now part of Rupert Murdoch's News Corp. media conglomerate. The site can't afford to drive away users, who might defect to one of a growing number of alternative sites, or advertisers, who pay top dollar to reach the growing MySpace audience.
Last month, MySpace inched past Yahoo Inc. in U.S. page views, recording 38.7 billion, according to comScore Media Metrix.
A key reason behind the popularity is its ease. Simply by adding a few lines of computer code, users can create elaborate profiles and personalize them with photos, music and video. A host of communication tools makes it easy to send messages to one person or a whole list of friends, who number into the thousands for some of the more popular MySpace users.
Those same tools can be used by vandals to make it look like an innocent user has sent spam to the same long list of "friends."
Programmers are writing scripts that take advantage of specific features on MySpace, including "friend request," where one user asks to be added to another user's list of buddies.
One recent scam works this way: A spammer posts a number of phony profiles featuring pictures of cute women, often promising nude photos. A "friend request" with the woman's photo is sent to hundreds of users.
Once the fake profile loads, a blue screen descends, saying the profile is protected by the "MySpace Adult Content Viewer." Unsuspecting users who try to download the viewer instead get a worm that installs adware on their computers.
Social-networking sites make good targets because of the implicit level of trust users have when they're interacting with "friends."
"The ongoing interaction lowers your reservations and security barriers," said Marc Gaffan, an expert in online fraud and security at RSA, the security division of EMC Corp.
MySpace, which News Corp. bought last year for some $580 million, has recognized the threat and is stepping up security efforts, said Hemanshu Nigam, its chief security officer.