MySpace page laced with fake Microsoft update

Share this article:

McAfee researchers are warning of a new MySpace phishing campaign in which users receive "friend" requests that attempt to infect them with assorted malware disguised as a Microsoft update.

Users who click on the profile of the person trying to befriend them are lead to the individual's page, which is overlaid with a real-looking Windows pop-up box promising automatic Windows updates, McAfee Avert Labs researcher Tad Heppner wrote today on the company blog.

Clicking on that box prompts an executable window requesting users to install the updates - specifically the Microsoft Malware Removal Tool (MSRT) - but it actually leads to "a true malware cocktail," he said. That includes a mixture of trojans, tools that permit remote control of the infected PC and other malware.

Researchers traced the IP address back to an internet service provider in Malaysia.

"Users should beware of friend requests from people they don't know and be cautious when surfing MySpace profiles," Heppner said. "Responsible browsing practices are advised."

Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com in an email Monday that it was investigating public reports of the scam and that users should know that the MSRT is only available through Windows or Microsoft updates.

"Users should exercise caution with requests received from unknown sources, or received unexpectedly from known sources," he said.

This is not the first time spoofed Microsoft updates have been circulated in an attempt to drop malicious code on users' machines.

In June, experts said an email claiming to include a cumulative security update for Internet Explorer made the rounds, except it included a link to a malicious executable file on a remote server, which installs a browser add-on to the vicitm's PC.

A MySpace spokeswoman did not return a request for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.