Jun 9
12:45 am (UTC-7)   |   by Christopher Talampas (Fraud Analyst)

TrendLabs Content Security has come upon a new phishing attack that leads to the download of malware. Unlike most phishing attacks, where the bait is usually a bank, credit union or other financial institution, this one uses the popular social networking Web site MySpace.com.

The phishing URL may be contained in spammed email messages. Once recipients of these messages click or visit the URL, it displays a spoofed MySpace login page. It also uses a popup window declaring a supposed MySpace profile object error and requires that the user download a new version of the MySpace profile object.

Therein lies the trick: when the user clicks the “continue” button, malicious files are not only downloaded but also automatically installed. These files are detected as TROJ_ZLOB.GUZ and BKDR_IRCBOT.BGY.

If the user tries to exit the page, it will not close until the file is downloaded. To exit, the user needs to terminate the program using Task Manager.

Trend Micro users, of course, are already safe from this threat, as the phishing URL hxxp://{BLOCKED}ce404-error.farvista.net/myspace.php is already blocked by Trend Micro’s Web Threat Protection (WTP) technology. For other users, however, it pays to be vigilant.




© Copyright 2009 Trend Micro Inc. All rights reserved.