MySpace User’s Account Used to Download Malicious File
As per the researchers at security vendor McAfee, better security is needed to deal with the counterfeit Microsoft updates.
Online criminals are exploiting a hacked profile of MySpace to dupe victims. They are sending a malevolent Trojan program through this hacked profile by covering up as an important Microsoft update, as per the researchers at McAfee.
McAfee has found only one MySpace profile that has been used by criminals. The strike is not widespread but it has shown that criminals can misuse websites like MySpace.
Once the file is installed in the system, it makes way for other downloaders, Trojan horses and a remote control tool from multiple servers. These files are sent by servers situated in Ukraine and Malaysia. McAfee has updated Microsoft and MySpace about the new threat. However, when McAfee was writing to both the companies, the booby-trapped MySpace profile was alive and sending malicious files.
Web surfers come across a pop window that advises them to install the recent version of Microsoft's Windows Malicious Software Removal tool. This disguised malicious file was released on January 8, 2008. It also says that the Microsoft is distributing software to remove malware from systems.
The pop up window is a mini image of a large image that covers the screen of computer if a user clicks on it. And as the user clicks on the window, Trojan program begins downloading.
Dave Macrcus, Security Research Manager, McAfee, said that the Trojan is recognized as TFactory. It is a popular part of code among criminals and has been exploited by them for more than a year, as reported by PCWorld on January 12, 2008.
Marcus said that hackers were either able to detect the loophole in the site MySpace, or they had phished the user's account. He also said that it seemed they had stolen the user name and password.
In November 2007, hackers were able to launch web-based attacks from various profiles at MySpace, including Alicia Keys together with many other popular musical artists. If a user clicked on 'yes', a rootkit and DNS changer are installed on his system that give complete control to hackers over what he is browsing and what he is downloading.
Related article: MySpace Wants Apple To Update QuickTime
» SPAMfighter News - 23-01-2008