Poisoned MySpace page masquerades as Windows Update
Print storyBefriend an infection
Posted in Anti-Virus, 12th January 2008 01:18 GMT
Free whitepaper – Securing your Microsoft Internet Information Services (MS IIS) web server
Doom watchers at McAfee have discovered a booby-trapped MySpace page that foists malware on users by spoofing a Microsoft update down the center of the profile.
The image (below) looks authentic enough to the drunk and uninformed. It is superimposed over the profile of a MySpace user who goes by the name of Rita. Clicking on the pic, or anywhere near it, initiates a download window that, if accepted, unleashes a malware cocktail that includes downloaders, Trojans and backdoors from multiple servers.
Attackers are sending friend requests to MySpace users in the hopes of getting them to click on the poisoned link. The downloads appear to come from Malaysia and the Ukraine.
McAfee researchers have contacted MySpace. The page, however, remained active as of time of writing of this article.
And so we find another strong endorsement for safe browsing practices. The Firefox extension NoScript won't save you this time, but common sense will. If a nubile hotty that's half your age and that you've never met sends a message asking to be your friend, odds are good you're being scammed.
Those running McAfee security software have a safety net. It recognizes the malware and stops its installation. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Airport insecurity: the case of lost laptops
Jump start your Application Security initiatives
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Extended Validation SSL Certificates
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive