With MySpace Friends like These, Who Needs Spammers?

Industry insiders snicker at the “revelation” that MySpace is a haven for spammers and phishers, and some even chuckle at the notion that suing spam kings will do anything to curb such abuse. But the less-clued in users of the site — the ones who rely on MySpace messages to keep in touch with friends and on bulletins to find out about this weekend’s parties and rock shows — would be surprised to know phished password lists are available via a quick Web search.

Last week, someone named “Papworth” put up for sale access to thousands of stolen MySpace accounts, priced at $15 per thousand. If you’ve got software like “Mychanger,” noted the black market entrepreneur, such lists can really come in handy.

It just so happens Mychanger, a spam application, is readily available from WiredWarez.com, the same site the account lists were advertised on. The program can be downloaded through a posting on one of the site’s forums, which says Mychanger can deliver spam bulletins “to thousands of accounts per minute. A very useful program if you take part in affiliate programs or if you need to drive traffic to your website/forum.”

Recipients of such spam may receive a bulletin from someone in their friends list, promoting offers like $50 gift cards; the actual account holder is the unwitting pawn in the affiliate marketing game. MySpace bulletins are messages sent from one user to all users on that person’s friends list.

Fifteen dollars seems to be the going CPM rate for phished lists. Over on DN Lodge webmaster forums, a list of over 5,000 MySpace accounts acquired through phishing is also selling for $15 per thousand. The lucky buyer can grab them all for $55. “Untouched, hardly any dupes, great for advertising!” boasts the ad.

Another popular marketplace for MySpace spam apparatus was Screennameforum. As of last Friday, the domain appeared to have been shut down, quite possibly as a result of the lawsuit filed recently by MySpace against notorious spammer Scott Richter and alleged accomplices. The suit claims Richter-run businesses arranged for millions of MySpace bulletins to be sent through its system.

The administrator of affiliate marketing forum WickedFire, Jon F., believes MySpace, in preparation for filing the suit, was monitoring Screennameforum, a place he referred to as a “hub for all the hackers and spammers and program crackers” in a call with ClickZ News. “They’re not that bright; they’re very greedy,” he said of the people visiting the MySpace sale area of the forums.

In mid-January, a list of over 56,000 MySpace user names and passwords, retrieved through a phishing scam, reportedly were posted to the security information discussion forum Full Disclosure. The offending page has since been disabled.

Casual MySpace users may wonder why they get friend requests from people they have no connection to, or whose accounts have been removed from the site all together. A visit to DN Lodge might enlighten them. Several lists of logins and passwords are for sale there, many of which were inflated using friend-adding software. “Bala” has a list of over 500 friends for sale in a “PR4” account, referring to a Google page ranking of 4. Zach-the-man is ready to sell out his 13,000 so-called friends for a mere $80, and also offers a bulletin-sending service.

“Dee” is selling a MySpace account with over 1,400 friends and “around 7,000 friend requests STILL TOO APPROVE!” Those friend requests most likely were garnered through one of the multiple automatic adder tools available, such as MySpace FriendBlasterPro, AddEverybody, and Badder Adder. These products often allow users to send friend requests to particular segments of the MySpace population, according to age, gender, location or even affiliations with bands. Not only are these applications used by affiliate marketers, they’re rumored to be employed by brand marketers hoping to boost the number of friends attributed to MySpace brand profile accounts.

While MySpace did not respond to ClickZ’s interview requests regarding this issue, the company did submit the following statement: “MySpace will not tolerate users who violate our terms of service and disrupt the way our community works. When alerted to these issues we will remove the user in question and/or work with law enforcement, as appropriate.”

Related reading