MySpace Malware Cocktails

If you are in charge of enforcing web surfing policies for your enterprise and you are not already blocking mega-popular social networking sites like MySpace for your users, here is yet another reason to do so: Fake Microsoft updates that deliver a machine-killing Kevorkian cocktail.

Your user thinks he’s adding a new friend and helpfully clicks on the Microsoft Update button when prompted. Instead he has just turned his host on your network into a botnet slave, complete with remote control apps for the bad guys.

Fake Microsoft Update

From PCWorld.com:

Using a hacked MySpace profile, online criminals are trying to trick victims into downloading a malicious Trojan Horse program by disguising it as a Microsoft update, according to McAfee.

Web surfers are presented with what appears to be a popup window advising them to download the latest version of Microsoft’s Windows Malicious Software Removal Tool, which was just released this Tuesday.

In reality, the popup window is just part of a larger image that takes up most of the computer screen. If the user clicks anywhere on this image, his computer will then begin to download the Trojan program.

The Trojan, known as TFactory, is a well-known piece of code that has been used by criminals for well over a year.

In November, hackers found a way to serve up Web-based attack code from the MySpace profiles of Alicia Keys and a number of other musical artists.

The attack is certainly not widespread – McAfee has seen it used on only one MySpace profile – but it does show how sites such as MySpace can be abused by criminals.

MySpace also recently suffered a rash of password-stealing attacks where bots spammed users’ friends lists, spreading the password-stealing app. MySpace is also rife with Zango spyware and HTML coding that will make your eyes bleed. The fact is, I block MySpace on my corporate network more for the security risks than the bad taste. Thanks to Trench at MyCrimeSpace for the link.
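For anyone inspecting pages at a web proxy, the lure described in the PCWorld excerpt (one large clickable image posing as an update popup) can be flagged with a simple content check. The sketch below is an added example, not code from McAfee, PCWorld or this blog; it assumes the link points directly at an executable file and that the image declares its size in `width`/`height` attributes, and the extension list, thresholds and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics, not from the article: executable extensions and "big image" size.
EXEC_EXTS = (".exe", ".scr", ".msi", ".bat", ".cmd", ".pif")
MIN_W, MIN_H = 600, 400

def _px(value):
    """Parse a width/height attribute such as '1024' or '1024px'; 0 if unknown."""
    v = (value or "").strip().lower()
    v = v[:-2] if v.endswith("px") else v
    return int(v) if v.isdecimal() else 0

class LureFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href = None      # href of the <a> currently open, if any
        self.findings = []    # (href, width, height) per suspicious image

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and self.href:
            # Compare only the URL path so query strings and hostnames do not match.
            path = urlparse(self.href).path.lower()
            w, h = _px(a.get("width")), _px(a.get("height"))
            if path.endswith(EXEC_EXTS) and w >= MIN_W and h >= MIN_H:
                self.findings.append((self.href, w, h))

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def find_image_lures(html):
    """Return links that wrap a large image and lead to an executable download."""
    p = LureFinder()
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample markup: a normal button, a lure-shaped link, a large photo link.
SAMPLE = """
<a href="/friends/add?id=1"><img src="add.gif" width="80" height="20"></a>
<a href="http://files.example.invalid/u/mrt-setup.exe?x=1"><img src="u.jpg" width="1024" height="768"></a>
<a href="http://example.invalid/photo.jpg"><img src="t.jpg" width="800" height="600px"></a>
"""

if __name__ == "__main__":
    print(find_image_lures(SAMPLE))
```

A check like this only covers static markup with declared dimensions; it complements the site blocking discussed above and does not replace it.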