MySpace spam seeks botnets

By

Researchers at Marshal, an internet security firm, are tracking a new spam campaign in which recipients receive messages inviting them to join MySpace – but a click on the link leads them to a bogus page containing malware disguised as an Adobe update.


Users who follow the link in the email are directed to a website that appears to be a legitimate MySpace profile, Glen Myers, an engineer at Marshal, told SCMagazineUS.com today.

However, the victim is informed they need to update their Adobe Flash Player to properly view content on the page, he said. Installing the update actually downloads malware onto the user's PC and forces the infected machine to join a botnet.

Then, almost immediately, the zombie computer starts sending similar emails, in addition to phishing messages, targeting a major U.S. bank, according to Marshal.

Myers said these types of social engineering attacks are particularly effective because they are attempting to exploit the Web 2.0 mindset.

“The user is willing because they are used to this paradigm where it's someone they know and they posted this content,” he said.

Businesses must either decide if they want to ban access to sites such as MySpace or YouTube, or control it through policies and technology, Myers said. Preferably, organizations should cater to their employee and “create a culture where they want to come to work.”

Web content filtering solutions would help, he said.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
botnetsmyspacesecurityseeksspam

Sponsored Whitepapers

Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Leverage Technologies: Industry-Tailored ERP Implementation for Growth and Compliance
Service Over Signatures: The Truth About No Lock-In IT
Service Over Signatures: The Truth About No Lock-In IT
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks

Events

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments
Top US diplomat impersonated with AI by unknown actor

Top US diplomat impersonated with AI by unknown actor
Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks
UK police arrest four over cyberattacks on M&S, Co-op and Harrods

UK police arrest four over cyberattacks on M&S, Co-op and Harrods
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?