Nastygram: MySpace phish plants spy software
A new spam campaign targeting MySpace.com users once again illustrates the blended threat from junk e-mail attacks, experts warn. This latest run tries to lure recipients into giving up their MySpace credentials, and then attempts to trick victims into installing password-stealing malicious software.
Attackers began blasting out the junk e-mails early Monday, according to researchers at the University of Alabama, Birmingham. Researchers at the school so far have tracked more than 30 Web site names associated with this attack, each beginning with "accounts.myspace.com" and ending in a United Kingdom country code domain (.uk).
The campaign is nearly identical to one launched late last month targeting Facebook.com users, said Gary Warner, director of research in computer forensics at UAB Birmingham: Recipients are directed to a fake MySpace.com page and asked for their login credentials. The Facebook attack cycled through at least 242 different look-alike Facebook scam sites before the last was shut down about five days later.
It's not clear whether the attackers really care about the login information, as the bogus sites will authenticate a user regardless of the supplied user name and password. Rather, the attackers appear to be requesting that information in a bid to make their scam sites appear more legitimate, Warner said. Their goal? Convince the user to install a "Myspace Update Tool," which instead is a copy of Zeus, a nasty piece of spyware that lets attackers steal online banking user names and passwords.
"This tactic we think is designed to foster the perception that the visitor is on a real MySpace site," Warner said.
Warner said the attackers in this latest assault appear to have learned from the Facebook attack, in which bogus Facebook pages also served up the Zeus payload. In contrast, the Zeus malware used in this MySpace phish is not hosted directly on any of the phishing sites, but instead at another location. Separating the phishing sites and the malware may help the bad guys keep both components of this scam online longer, Warner said.
"Many countries don't care if you send spam, but those same countries often will nuke a site if they can confirm reports that it's serving up malware," Warner said. "In this case, the phishing sites are likely to live longer because of the fact that there's no longer malware on them."
November 9, 2009; 12:21 PM ET