MySpace Exploited by Hackers to Distribute Spam

On January 17, 2008, Marshal's TRACE team revealed that spammers have begun another malevolent spam drive that targets MySpace. The spam is intended to corrupt unwary e-mail receivers' computers with malware that transforms their PCs into a zombie computer.

The spam message claims to be from an acquaintance requesting the user to become a member of MySpace. People who pursue the link given in the message are sent to a site that seems to be a genuine MySpace profile.

After that, the target is communicated that an updation of the Adobe Flash Player is required to see the subject matter of the e-mail. But deploying the update downloads malicious software onto the individual's computer and compels the affected PC to become a member of the zombie network, maintained Marshal's Engineer Glen Myers, in news reported on January 17, 2008 by SCmagazine.

Immediately, the latest zombie starts transmitting identical e-mails of the fake MySpace invite combined with phishing messages directing a leading American bank. As soon as the software is deployed, it permits cyber-terrorists to hijack the targeted machine from faraway, and exploit the infected computer to further spread spam.

These sorts of social engineering strikes are for the most part successful since they are trying to make use of the Web 2.0 outlook. The end users are also keen since they are accustomed to this pattern since users post lots of private data on these types of websites and given the opportunity, spammers will begin to use a number of that data in advanced and aimed drives in 2008.

Furthermore, 2008 is estimated to witness more of these messages, perhaps even presenting a link to the users' preferred pop group's newest music video. The spammers will be capable of effortlessly garnering this type of data about users from these social networking websites that people take part, alleged Bradley Anstis, VP of Products at Marshal, as reported by Govtech on January 17, 2008.

Therefore, security analysts at Marshal are recommending that the firms must either resolve whether they wish to disallow entry into websites like MySpace or YouTube, or wish to monitor it using policies and technical expertise. If possible, companies should satisfy and please their staff members by setting up a work culture where they would like to come for their job.

Related article: MySpace Wants Apple To Update QuickTime

» SPAMfighter News - 1/24/2008