Beware the MySpace Password Reset Confirmation malware attack

Filed Under: Malware, Spam

Malicious hackers are spamming out messages claiming to come from MySpace's support team, informing unsuspecting users that as a "safety" measure their password has been changed.

Of course, the emails aren't really from support@myspace.com, and users who open the attached file risk infecting their computer with malware.

Bogus MySpace password reset confirmation email

A typical email looks like the following:

Subject: Myspace Password Reset Confirmation! Your Support
Attached file: password.zip
Message body:

Hey <name1@example.com>,
<name2@example.com>,
<name3@example.com>,
<name4@example.com>,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Myspace Team.

Sophos products are intercepting a large number of malicious emails exhibiting these characteristics, detecting them as both spam and malware. Sophos anti-virus solutions detect the attached file as containing the Mal/EncPk-NP or Mal/BredoZp-B malware.

Once again, social networks are being used as the hook to trick innocent internet users into infecting their computers.

,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.