Source: Security Watch Published: January 11, 2008 5:15 pm Author: Ryan Naraine
----------------------------------------------------------------Anti-virus researchers at McAfee are tracking a nasty new malware attack targeting millions of users on the popular MySpace social networking site.
The latest exploit combines a rigged MySpace profile with a fake Microsoft security patch to lure Windows users into downloading malicious executables.
Here's the attack scenario, as explained by a McAfee official:
Attackers send new "friend requests" to MySpace users. When clicking on the person's picture or name link to view their profile, it shows a profile page overlaid with what looks like a legitimate Windows "Automatic Updates" pop-up box.
A Windows user who is tricked into clicking on or near the pop-up receives a request for a file download masked as a Microsoft update called "updateKB890830.exe" from a server that includes "winxpupdate.microsoft" in its name.
The executable file masquerading as a Microsoft patch is acually a true malware cocktail.
Once installed and run, it opens a backdoor on the compromised machine and proceeds to download more downloaders, Trojans and a remote control tool from multiple servers.
The downloaded files are coming from servers located in Malaysia and the Ukraine.
McAfee has notified both MySpace and Microsoft but, at the time of writing, the booby-trapped MySpace profile was still live and serving up the malicious file.
Author
