MySpace users tempting targets for digital vandals

LOS ANGELES -- MySpace.com devotee Kary Rogers was expecting to see a gut-busting video when a friend from the popular online hangout messaged him a link.

First, though, he was directed to a page where he was supposed to re-enter his password. Rogers realized that someone was trying to steal his information, and he didn't take the bait. At best, he would be spammed with junk e-mails; worse, the Web thief might steal his real-life identity.

"I immediately went back and changed my password," said Rogers, 29, a network analyst for Mississippi State University in Starkville, Miss.

MySpace bills itself as a "place for friends." Increasingly, it is also a place for unfriendly attacks from digital miscreants on the prowl, luring users to sexually explicit Web sites, clogging mailboxes with spam messages and playing on the trust users have when speaking to "friends" to obtain passwords that could lead to identity theft.

Managing the risks that come with rapid growth is an enormous challenge for MySpace, now part of Rupert Murdoch's News Corp. media conglomerate. The site can't afford to drive away users, who might defect to one of a growing number of alternative sites, or advertisers, who pay top dollar to reach the growing MySpace audience.

MySpace, which News Corp. bought last year for some $580 million, has recognized the threat and is stepping up security efforts, said Hemanshu Nigam, its chief security officer.

The company is rapidly expanding its team of software engineers, lawyers and other experts who look for suspicious activity, educate users on how to prevent attacks and go after the worst offenders.

Under Nigam's direction, the company recently formed a Content Assurance Team. Employees post fake profiles on the site, pretending to be vulnerable teens or clueless adults. The profiles are designed to keep tabs on everything from sexual predators to spammers.

MySpace also is preparing to launch a more aggressive education campaign, urging users to take care and use tools that restrict the viewing of their profiles to only trusted sources.

When all else fails, the company is also files civil suits and is increasing cooperation with law enforcement officials.

"We're trying to take away the 'cool' factor of trying to attack us," Nigam said.

The bottom line provides the motivation.

"If advertisers feel uncomfortable being on a site that is seen

as not as secure, not as safe, then we lose revenue," Nigam said.

So far, no major damage has been done on the site, although some users, increasingly annoyed by the fake friends and messages, are seeking other social networking alternatives.

"I don't have this problem on Facebook," Rogers said, referring to another popular site.

The Internet has weathered several threats over the years, but as users move on, so do the attackers.

Writers of malicious software used to count primarily on e-mail recipients to click on attachments to spread their wares. As e-mail recipients got more savvy, the writers looked to automate the process by exploiting vulnerabilities in e-mail programs, browsers and the Windows operating system from Microsoft Corp.

As those security holes get closed, virus writers are looking elsewhere, including social-networking sites -- attractive in part because of their size.

"It's where the activity is and the attackers play the percentages," said David Cole, director of security response at Symantec Corp. "They go after the largest market share where there is the most activity."

---

On the Net:

MySpace safety tips: http://www.myspace.com/Modules/Common/Pages/SafetyTips.aspx