Zeus botnet pushes fake MySpace update

By

Similar to Facebook scam.

Spam has been detected as being sent from the Zeus botnet that prompts users to update their MySpace account.

Trend Micro senior security advisor Rik Ferguson claimed that the spam is similar to the Facebook-related spam seen last week, with the user ‘required to update' their MySpace account with a link provided.

Ferguson said: “The link in the mail leads to a standard fake MySpace login page, so of course your account details are stolen. Once you have ‘logged in' though, the supposed ‘MySpace Update Tool' is waiting to trick the unwary into installing their very own variant of the Zeus agent.” Trend Micro detected this threat as TSPY_ZBOT.SMP.

Commenting on the same threat, Mikko Hypponen, chief research officer at F-Secure, said: “Once you log on, the bad guys gain access to your MySpace credentials. Why do they want them? So they can pose as you on MySpace and send malicious links to your friends — who will surely follow them, as they know you and trust you.

“But in this case, this is not the only thing they are after. After logging on, you get this prompt: ‘A New MySpace Update Tool'. Really? As an executable file? And of course it's not. The file (md5: 4c7693219eaa304e38f5f989a8346e51) turns out to be yet another Zeus/Zbot banking Trojan variant.”

Following a readme file, Ferguson said that this particular vendor
was offering a fully-installed, configured and supported Zeus installation; control panel, agent builder and injection scripts for just US$320.

See original article on scmagazineuk.com


Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Researchers demo AI-crippling GPUHammer attack

Researchers demo AI-crippling GPUHammer attack

Qantas obtains court order to prevent third-party access to stolen data

Qantas obtains court order to prevent third-party access to stolen data

Google Gemini for Workspace vulnerable to prompt injection attacks

Google Gemini for Workspace vulnerable to prompt injection attacks

Log In

  |  Forgot your password?