Under the attack scenario, individuals receive phishing emails that direct them to a bogus MySpace login page, Haley told SCMagazineUS.com today. Once there, the malicious sites search victims' computers to learn if they are vulnerable to the image uploader issue. If they are, the site attempts to install a medley of trojans.
“It's a double whammy,” he said. “It's going to try to steal your credentials [MySpace username and password] and it's going to try to download some malware on your machine.”
An Aurigma representative did not respond to a request for comment.
If users are not running the Aurigma software – or if their PCs are pached for the flaw – the sites will look for other vulnerabilities including a recently disclosed Yahoo Jukebox ActiveX flaw.
Haley said businesses might consider disabling ActiveX on their browsers, but ideally they should ensure their machines are running the latest fixes.
“Once the patches are available, you need to get them out,” he said. “The bad guys and the malware writers are where the users are, and today that's the social networks.”
See original article on scmagazineus.com
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
