Zeus botnet pushes fake MySpace update

Spam has been detected as being sent from the Zeus botnet that prompts users to update their MySpace account.

Trend Micro senior security advisor Rik Ferguson claimed that the spam is similar to the Facebook-related spam seen last week, with the user ‘required to update' their MySpace account with a link provided.

Ferguson said: “The link in the mail leads to a standard fake MySpace login page, so of course your account details are stolen. Once you have ‘logged in' though, the supposed ‘MySpace Update Tool' is waiting to trick the unwary into installing their very own variant of the Zeus agent.” Trend Micro detected this threat as TSPY_ZBOT.SMP.

Commenting on the same threat, Mikko Hypponen, chief research officer at F-Secure, said: “Once you log on, the bad guys gain access to your MySpace credentials. Why do they want them? So they can pose as you on MySpace and send malicious links to your friends — who will surely follow them, as they know you and trust you.

“But in this case, this is not the only thing they are after. After logging on, you get this prompt: ‘A New MySpace Update Tool'. Really? As an executable file? And of course it's not. The file (md5: 4c7693219eaa304e38f5f989a8346e51) turns out to be yet another Zeus/Zbot banking Trojan variant.”

Following a readme file, Ferguson said that this particular vendor was offering a fully-installed, configured and supported Zeus installation; control panel, agent builder and injection scripts for just US$320.

See original article on scmagazineuk.com