subscribe: Daily Newsletter

 

More social engineering malware for MySpace users

0 comments

MySpace users are warned to be on their guard against a new piece of malware that poses as a "friend request" but can actually infect the user's computer with a host of malware programs. 

According to the McAfee Avert Labs blog, the new malware was detected on Friday.
"In this latest social engineering scenario an attacker sends a new 'friend request' to MySpace users," the blog notes. "When the user clicks on the picture or name of their new potential friend, an overlaid image of what looks like a legitimate Windows 'Automatic Update' pop-up box is displayed.
"Clicking on or near this bogus dialog will result in a request for a file download that is visually disguised as a Microsoft update called 'updateKB890830.exe' from a server named 'winxpupdate.Microsoft[removed]'.
"Instead of an update however, this download contains a malware cocktail containing additional downloaders, several trojans, as well as a remote admin tool."
McAfee warns users to be aware of dialogs that have abnormal properties.
"One such property may be that the dialog disappears when the web browser is minimised. If this is the case the dialog is probably an image rendered within the context of a web browser and is not a legitimate update."