Malicious MySpace Tom!

Everyone who’s ever had a MySpace account knows Tom. Tom is everyone’s friend, like it or not. So getting an email telling you Tom has sent you a message is a perfectly plausible notification for any MySpace user. If you look carefully at the following email we saw in our spam queues this afternoon though, you’ll see two dead cert indicators that this is a Tom imposter:

You’ve got a new message from Tom on MySpace!

Click here to read your MySpace messages:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)

Click here to invite more friends to Your Space:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)

The email itself is pretty well done, but the incorrect spelling of myspacce and the lack of a dot com at the end of the domain tell you that this isn’t genuine. If you were unfortunate enough to hurriedly click on the link to see what Tom had to tell you, you’d be taken to a web page trying to display a video.

Would you be tempted to run the video?

At this point you know there’s no message, but can you resist trying to get the video to run? According to the comments on the page displayed it looks pretty controversial… so, are you tempted?

If you can’t resist, you would end up trying to download a file that Sophos proactively detects as Mal/Heuri-D.

Of course, we block the site the link takes you to, so even the most unwary and curious users are doubly protected.
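The two giveaways described above, the misspelled name and the missing dot com, can also be checked mechanically on every link in a message. The following Python is an added example, not code from the original post or from Sophos; the allow-list entry `myspace.com`, the edit-distance threshold of 2 and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

LEGIT_DOMAINS = {"myspace.com"}  # assumption: the genuine name and its "dot com"

# Constructed sample: the message quoted in the post, redactions left as-is.
SAMPLE_EMAIL = """Click here to read your MySpace messages:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)
Click here to invite more friends to Your Space:
http://www.myspacce.xxxx/reloc.cfm?c=(removed)"""

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def registrable(host):
    """Return (name, tld) from the last two labels; co.uk-style suffixes not handled."""
    parts = host.lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def check_url(url, max_distance=2):
    """List the reasons a URL's host looks like an imitation of a known domain."""
    name, tld = registrable(urlsplit(url).hostname or "")
    reasons = []
    for legit in LEGIT_DOMAINS:
        good_name, good_tld = legit.split(".")
        if (name, tld) == (good_name, good_tld):
            return []  # the genuine domain or one of its subdomains
        dist = edit_distance(name, good_name)
        if dist > max_distance:
            continue  # not close enough to be a lookalike of this brand
        if dist:
            reasons.append(f"'{name}' is {dist} edit(s) away from '{good_name}'")
        if tld != good_tld:
            reasons.append(f"'.{tld}' is not '.{good_tld}'")
    return reasons

def scan_email(body):
    """Map each distinct URL in a message body to its reasons, if any."""
    urls = dict.fromkeys(re.findall(r"https?://[^\s<>\"']+", body))
    return {u: why for u in urls if (why := check_url(u))}
```

Calling `scan_email(SAMPLE_EMAIL)` flags the single distinct link in the message for both reasons, while a link on the genuine domain returns no reasons.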