MySpace page laced with fake Microsoft update

Share this article:

McAfee researchers are warning of a new MySpace phishing campaign in which users receive "friend" requests that attempt to infect them with assorted malware disguised as a Microsoft update.

Users who click on the profile of the person trying to befriend them are lead to the individual's page, which is overlaid with a real-looking Windows pop-up box promising automatic Windows updates, McAfee Avert Labs researcher Tad Heppner wrote today on the company blog.

Clicking on that box prompts an executable window requesting users to install the updates - specifically the Microsoft Malware Removal Tool (MSRT) - but it actually leads to "a true malware cocktail," he said. That includes a mixture of trojans, tools that permit remote control of the infected PC and other malware.

Researchers traced the IP address back to an internet service provider in Malaysia.

"Users should beware of friend requests from people they don't know and be cautious when surfing MySpace profiles," Heppner said. "Responsible browsing practices are advised."

Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com in an email Monday that it was investigating public reports of the scam and that users should know that the MSRT is only available through Windows or Microsoft updates.

"Users should exercise caution with requests received from unknown sources, or received unexpectedly from known sources," he said.

This is not the first time spoofed Microsoft updates have been circulated in an attempt to drop malicious code on users' machines.

In June, experts said an email claiming to include a cumulative security update for Internet Explorer made the rounds, except it included a link to a malicious executable file on a remote server, which installs a browser add-on to the vicitm's PC.

A MySpace spokeswoman did not return a request for comment.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.