Malicious hackers are spamming out messages claiming to come from MySpace’s support team, informing unsuspecting users that as a “safety” measure their password has been changed.
Of course, the emails aren’t really from email@example.com, and users who open the attached file risk infecting their computer with malware.
A typical email looks like the following:
Subject: Myspace Password Reset Confirmation! Your Support
Attached file: password.zip
Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.
The Myspace Team.
Sophos products are intercepting a large number of malicious emails exhibiting these characteristics, detecting them as both spam and malware. Sophos anti-virus solutions detect the attached file as containing the Mal/EncPk-NP or Mal/BredoZp-B malware.
Once again, social networks are being used as the hook to trick innocent internet users into infecting their computers.