Spam has been detected as being sent from the Zeus botnet that prompts users to update their MySpace account.
Trend Micro senior security advisor Rik Ferguson claimed that the spam is similar to the Facebook-related spam seen last week, with the user ‘required to update' their MySpace account with a link provided.
Ferguson said: “The link in the mail leads to a standard fake MySpace login page, so of course your account details are stolen. Once you have ‘logged in' though, the supposed ‘MySpace Update Tool' is waiting to trick the unwary into installing their very own variant of the Zeus agent.” Trend Micro detected this threat as TSPY_ZBOT.SMP.
Commenting on the same threat, Mikko Hypponen, chief research officer at F-Secure, said: “Once you log on, the bad guys gain access to your MySpace credentials. Why do they want them? So they can pose as you on MySpace and send malicious links to your friends — who will surely follow them, as they know you and trust you.
“But in this case, this is not the only thing they are after. After logging on, you get this prompt: ‘A New MySpace Update Tool'. Really? As an executable file? And of course it's not. The file (md5: 4c7693219eaa304e38f5f989a8346e51) turns out to be yet another Zeus/Zbot banking Trojan variant.”
Following a readme file, Ferguson said that this particular vendor was offering a fully-installed, configured and supported Zeus installation; control panel, agent builder and injection scripts for just US$320.
See original article on scmagazineuk.com
Zeus botnet pushes fake MySpace update
Similar to Facebook scam.
Got a news tip for our journalists? Share it with us anonymously here.
Sponsored Whitepapers

See everything. Do more.

Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Diamond IT Delivers GRC Transformation with Microsoft Purview

Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks

Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy