Internet Security Systems - AlertCon(TM)

ProfileWatcher on MySpace

Posted by Mark Vincent Yason on January 30, 2007 at 11:34 AM EST.

Last week, we received a report regarding a software called ProfileWatcher being spammed on MySpace. So, I downloaded the software and looked at what it does.

Sure enough, it was performing what it had been advertised to do – monitoring MySpace profiles for relationship status changes and comments. The downside, however, is that it is also sending spam using your MySpace profile.

One of my test verified that it sent a comment spam to one of the profiles I had configured it to monitor. This comment is just in a form of two dots “..” and is a hyperlink to a copy of the software.

Apparently, this spamming is part of the license agreement that the user must agree to in order to install the software. The license agreement basically states that the user agrees to authorize the software to automatically send messages/comments/etc. on behalf of the user without any notification. And this is done as a convenience because by installing the software at no cost you are expressing your desire and intent to communicate to others about the software.

Well, that explains the spamming, but for users who inadvertently agreed or did not read the license agreement… well, that explains the whole issue.

All I can say is that we are responsible for the software we download and run. Of course, there are some malware/graywares that automatically install on vulnerable systems, but there are also a lot of malwares/graywares that require user interaction in order to execute and we can actually avoid getting infected from them if we are just being more careful.

Comments or opinions expressed on this Weblog are the opinions of the authors alone. They are not necessarily reviewed in advance by anyone but the individual authors, and neither IBM Internet Security Systems nor any other party necessarily agrees with them. The views expressed by outside contributors and links to outside websites do not represent the views of IBM Internet Security Systems, its management or employees. All content on this Weblog has been made available on an “as-is” basis, and IBM Internet Security Systems shall not be liable for any direct or indirect damages arising out of use of this Weblog.