Malicious hackers are spamming out messages claiming to come from MySpace's support team, informing unsuspecting users that as a "safety" measure their password has been changed.
Of course, the emails aren't really from support@myspace.com, and users who open the attached file risk infecting their computer with malware.
A typical email looks like the following:
Subject: Myspace Password Reset Confirmation! Your Support
Attached file: password.zip
Message body:Hey <name1@example.com>,
<name2@example.com>,
<name3@example.com>,
<name4@example.com>,Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
Thanks,
The Myspace Team.
Sophos products are intercepting a large number of malicious emails exhibiting these characteristics, detecting them as both spam and malware. Sophos anti-virus solutions detect the attached file as containing the Mal/EncPk-NP or Mal/BredoZp-B malware.
Once again, social networks are being used as the hook to trick innocent internet users into infecting their computers.
![Server-side polymorphism: How mutating web malware tries to defeat anti-virus software [VIDEO]](http://sophosnews.files.wordpress.com/2012/07/potato-head-thumb.jpg?w=75&h=75&crop=1)
![Invisible iFrame drive-by malware attacks explained [VIDEO]](http://sophosnews.files.wordpress.com/2012/08/frame-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
