"MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site"
…
"Because the fraudulent login page is hosted on MySpace's own servers
and does not exhibit any signs of external content, such as cross-site
scripting (XSS) or open redirects, it is convincing and even
security-conscious users are at risk of becoming victims. The attack is
launched from a profile page, where the username is
login_home_index_html, and uses specially-crafted HTML in order to hide
the genuine MySpace content from the page and instead display its own
login form."
Article Link:
http://news.netcraft.com/archives/2006/10/27/myspace_accounts_compromised_by_phishers.html
