Beware the MySpace Password Reset Confirmation malware attack

Filed Under: Malware, Spam

Malicious hackers are spamming out messages claiming to come from MySpace's support team, informing unsuspecting users that as a "safety" measure their password has been changed.

Of course, the emails aren't really from, and users who open the attached file risk infecting their computer with malware.

Bogus MySpace password reset confirmation email

A typical email looks like the following:

Subject: Myspace Password Reset Confirmation! Your Support
Attached file:
Message body:

Hey <>,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

The Myspace Team.

Sophos products are intercepting a large number of malicious emails exhibiting these characteristics, detecting them as both spam and malware. Sophos anti-virus solutions detect the attached file as containing the Mal/EncPk-NP or Mal/BredoZp-B malware.

Once again, social networks are being used as the hook to trick innocent internet users into infecting their computers.


You might like

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley