MySpace spam seeks botnets

By

Researchers at Marshal, an internet security firm, are tracking a new spam campaign in which recipients receive messages inviting them to join MySpace – but a click on the link leads them to a bogus page containing malware disguised as an Adobe update.


Users who follow the link in the email are directed to a website that appears to be a legitimate MySpace profile, Glen Myers, an engineer at Marshal, told SCMagazineUS.com today.

However, the victim is informed they need to update their Adobe Flash Player to properly view content on the page, he said. Installing the update actually downloads malware onto the user's PC and forces the infected machine to join a botnet.

Then, almost immediately, the zombie computer starts sending similar emails, in addition to phishing messages, targeting a major U.S. bank, according to Marshal.

Myers said these types of social engineering attacks are particularly effective because they are attempting to exploit the Web 2.0 mindset.

“The user is willing because they are used to this paradigm where it's someone they know and they posted this content,” he said.

Businesses must either decide if they want to ban access to sites such as MySpace or YouTube, or control it through policies and technology, Myers said. Preferably, organizations should cater to their employee and “create a culture where they want to come to work.”

Web content filtering solutions would help, he said.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?