Myspace Train of Password stealers

I wish everybody knows what is Myspace Trains are. Here some words for those who doesn’t have any idea about Myspace Trains -

Myspace Train is a Technology used by the myspace users to create more friends. The users are not known to each other. They just have a friend adding spree. So they participate in the Process. In their language “Do you want to be famous in Myspace – Join the Train”

So what you have to do to get into a Train?

You have to add every persons in the Train (A page of links where the links lead to add a person). When you are finished adding all the friends then you have to put your myspace friend id in a input box and join. Done!

No. The system will tell you to post the Train I mean the list of links which lead to add a person to all your firends by sending a bulletin. So now everybody in your friend list can get into the train by adding all the persons in train, giving their friend id to the system and at last posting the train to all of their friends through bulletin. It was kind of viral way of making friends. And it actually does work like a virus. depends on participation. Some Myspace Train Sites give points to send it multiple times as it can spread faster.

It was a nice idea of gathering more friends in short time specially for those who really wants to have more friends and for those who wants to do their marketing to some millions of myspace friends.

Where is the Problem Then?
It was fine till these Friend marchents were not using the Train page to hack the accounts by using the Myspace SWF hack.

They are using Flash files (.swf) to link the Add Friend. These .swf files are hosting in photobucket and imagshack (mostly). When you are clicking on this links you got attacked by the exploit.

What can be happend?
Your Myspace account profile can be edited. You password can be changed, bulletins can be sent without your notice lots of other things.