MySpace page laced with fake Microsoft update

Share this article:

McAfee researchers are warning of a new MySpace phishing campaign in which users receive "friend" requests that attempt to infect them with assorted malware disguised as a Microsoft update.

Users who click on the profile of the person trying to befriend them are lead to the individual's page, which is overlaid with a real-looking Windows pop-up box promising automatic Windows updates, McAfee Avert Labs researcher Tad Heppner wrote today on the company blog.

Clicking on that box prompts an executable window requesting users to install the updates - specifically the Microsoft Malware Removal Tool (MSRT) - but it actually leads to "a true malware cocktail," he said. That includes a mixture of trojans, tools that permit remote control of the infected PC and other malware.

Researchers traced the IP address back to an internet service provider in Malaysia.

"Users should beware of friend requests from people they don't know and be cautious when surfing MySpace profiles," Heppner said. "Responsible browsing practices are advised."

Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com in an email Monday that it was investigating public reports of the scam and that users should know that the MSRT is only available through Windows or Microsoft updates.

"Users should exercise caution with requests received from unknown sources, or received unexpectedly from known sources," he said.

This is not the first time spoofed Microsoft updates have been circulated in an attempt to drop malicious code on users' machines.

In June, experts said an email claiming to include a cumulative security update for Internet Explorer made the rounds, except it included a link to a malicious executable file on a remote server, which installs a browser add-on to the vicitm's PC.

A MySpace spokeswoman did not return a request for comment.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.