Earlier this week, mass emails surged into inboxes spoofing Facebook’s SMTP that contained a malicious attachment masquerading as a file containing a password reset. The same spammers are now targeting social-networking site MySpace.
According to security firm M86’s blog, these spam campaigns are being sent by the Pushdo botnet with attached zip files, that if unzipped and opened will install Bredolab, a malicious downloader.
Similar to the spam attack on Facebook users, the MySpace emails pose as official notices from the social-networking site requesting that users accept a password change for security purposes and open the attached file to retrieve the new password.
This could move on to other popular sites says M86: “If this trend continues it’s possible that Pushdo will do the same thing again with a fake MySpace website or use another popular brand, such as Twitter or Google.”
By Marie Boran
Photo: Spammers are targeting social-networking site MySpace.