I’m not much of a Friendster fan, especially since I’ve had my share of viewing sucky and crappy profile page layouts. In my list of web apps with the highest propensity for abuse in terms of design/layout, Friendster’s up there at number two, just below MySpace.
But I do use it occasionally to ~~stalk~~ network with friends and acquaintances. Lately, I’ve been seeing this message being posted repeatedly by some of my contacts on the bulletin boards:
Date: Tuesday, 18 July, 2006 4:31 PM
Subject: boob flashing of famous mestiza model in embassy last sat
Message: Fresh pix from the said incident last saturday at embassy bar is finally out. This famous mestiza commercial model and product endorser was doing it all for the camera, last sat night at embassy bar. Based on the sources this mestiza chic was apparently drunk and wasted at that incident, making her careless.. and bra-less if I may say… For sure you know this famous mestiza model. Almost 20 pix of the said incident are posted on this friendster link, check it out before they pull those naughty & mestizalicious pix out. check it out at www.friendster.com/embassyvip
So the ~~perv~~ curious person in me tried to check out this profile page linked at the bottom of the bulletin board entry, but it’s apparently been suspended. I did some research and guess what? The bulletin board posting seemed to be some form of spam used to hook unsuspecting users into viewing the page and re-posting the spam using their own accounts.
Had the profile page been active, it would’ve re-posted the same spam message on my bulletin board for all my friends to see.
Upon clicking on the link, I am not really sure what is happening right after I clicked it, but it looks like an HTML table tag or a big div tag box that has a high z-index trying to go over the whole page hiding what is happening. A black box loads up and displays the following text which are loaded images that reads:
please wait… photos still loading (don’t click on anything until all photos have loaded)
Then after waiting, the page then forwards back to the bulletin board and has already posted on the bulletin board using your Friendster account.
Complaining Never Gets Old (blogspot site is down; Google cache here) lists what actually happens when one opens the profile page:
1) sends a smile to friendster user id: 9613366 (from you of course)
2) sends a request to the user named: jhay-jhay gutilban (consistent with the user id mentioned above) to be added as his/her friend
3) reposts the thing on your bulletin board with the link. (i.e. someone who posts once — hmm okay, okay curiosity maybe ..but someone on your list posting more than once, REALLY wanted to see those pics!… tsk tsk… the pervs are getting obvious 😛 )
I recently checked out jhay-jhay’s profile page and guess what, the shout-out says stop bugging me, please. I guess she was getting a lot of friend requests and smiles! (Popular, eh?)
AO’s Benj Arriola checked out the script used to facilitate the spamming and traced its origin to www.markyctrigger.com, which I think was just used as a tool to run other scripts, and not the culprit itself (or was it?).
At any rate, this tool, and others like it, usually used to create yet more crappy profile pages, should be considered a security risk by Friendster.
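One way a site operator could spot the pattern listed above in request logs, as an added example that is not from the original post or from Friendster: it flags a profile when several accounts each send a smile, send a friend request and post a bulletin within seconds of viewing it. The event format, action names, thresholds and sample accounts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real Friendster logs):
# (epoch seconds, account, action, profile the request came from)
SAMPLE_EVENTS = [
    (1000, "alice", "view_profile", "embassyvip"),
    (1002, "alice", "send_smile", "embassyvip"),
    (1003, "alice", "friend_request", "embassyvip"),
    (1004, "alice", "post_bulletin", "embassyvip"),
    (2000, "bob", "view_profile", "embassyvip"),
    (2001, "bob", "friend_request", "embassyvip"),
    (2002, "bob", "send_smile", "embassyvip"),
    (2005, "bob", "post_bulletin", "embassyvip"),
    (3000, "carol", "view_profile", "somefriend"),
    (3400, "carol", "send_smile", "somefriend"),   # slow, single action: normal use
    (4000, "dave", "view_profile", "embassyvip"),
    (4002, "dave", "post_bulletin", "embassyvip"),  # only one of the three actions
]

# The three side effects the post lists for a single profile view.
WORM_ACTIONS = {"send_smile", "friend_request", "post_bulletin"}


def suspicious_profiles(events, window=30, min_accounts=2):
    """Return {profile: [accounts]} for profiles where at least `min_accounts`
    accounts performed all three actions within `window` seconds of a view."""
    last_view = {}            # (account, profile) -> time of most recent view
    seen = defaultdict(set)   # (account, profile) -> actions since that view
    hits = defaultdict(set)   # profile -> accounts that completed the triad
    for ts, account, action, profile in sorted(events):
        key = (account, profile)
        if action == "view_profile":
            last_view[key] = ts
            seen[key] = set()
        elif action in WORM_ACTIONS and key in last_view:
            if ts - last_view[key] <= window:
                seen[key].add(action)
                if seen[key] == WORM_ACTIONS:
                    hits[profile].add(account)
    return {p: sorted(a) for p, a in hits.items() if len(a) >= min_accounts}


if __name__ == "__main__":
    print(suspicious_profiles(SAMPLE_EVENTS))
```
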
Lesson learned: stop being a perv.