MySpace Spoofed Spam Mails Install Malware
According to the University of Alabama (UAB) at Birmingham, spammers are distributing malicious e-mails posing as messages from MySpace and taking unwitting users onto web-pages, which download a PC worm that deceptively seizes online banking credentials along with more personal details from the victims.
Internet security researchers hitherto have already traced names of over 30 websites that are related to this attack. All of them start with 'accounts.myspace.com' and finish with '.uk,' the code domain representing the country of United Kingdom.
Gary Warner, Research Director of Computer Forensics at the University of Alabama, states that fraudulent MySpace e-mails direct recipients to confirm details of their accounts through a web-link embedded in the spam mails, as reported by UAB on November 9, 2009.
However, the link actually connects end-users to a spoofed MySpace login page, where a download is presented named 'MySpace Update Tool.' Warner also states that this download in reality installs malware on end-users' systems.
He explains that the attack miscreants convince users that they are on the original website, by displaying a login page, which is actually phony, and encouraging them to enter their login credentials.
Furthermore, it is not that the criminals actually want users' MySpace login details rather their objective is to win users' confidence so that they would follow the criminals' instructions regarding the download, said Warner. If anyone clicked on the download, the virus ZBot would download, which tries to seize users' banking passwords along with their financial and other private details.
According to Warner, the spam outbreak almost the same as the one unleashed during the latter half of October 2009 aimed at users of Facebook. That attack spread via a minimum 242 separate scam websites mimicking Facebook.com till the final Website was blocked some 5 days later, Warner adds, as reported by The Washington Post on November 9, 2009.
Hence, users are suggested that they exercise extra caution against dubious looking attachments, particularly if they request for password reset, as no genuine website would ever dispatch a password-resetting attachment.
Related article: MySpace Wants Apple To Update QuickTime
» SPAMfighter News - 20-11-2009