NEWS FROM THE LAB - Monday, November 9, 2009

When Phishing Isn't Phishing

Posted by Mikko @ 14:27 GMT

So, there are these apparent MySpace phishing e-mails going around ("...please be informed that you are required to update your MySpace account, Please update your MySpace account by clicking here...").

When you follow the link, you end up on a MySpace look-alike page hosted on various .uk domains.


Once you log on, the bad guys gain access to your MySpace credentials.

Why do they want them?

So they can pose as you on MySpace and send malicious links to your friends — who will surely follow them, as they know you and trust you…

But in this case, this is not the only thing they are after. After logging on, you get this prompt:


A New MySpace Update Tool? Really? As an executable file?

Hmm… and of course it's not. The file (md5: 4c7693219eaa304e38f5f989a8346e51) turns out to be yet another Zeus / Zbot banking trojan variant.

F-Secure Anti-Virus blocks access to the malicious domains and detects the malware.
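
Both stages described above (the "update your account" link and the later "update tool" download) can be caught by comparing where a link really points with the brand the message names. The following Python sketch is an added example, not F-Secure's code; the host `accounts-update.example`, the file name `tool.exe` and the suffix list are constructed placeholders and assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "myspace.com"                    # domain the message claims to be from
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif")  # assumed list of risky download types

# Constructed samples; "accounts-update.example" is a placeholder host.
SAMPLE_EMAIL = ('<p>Please update your MySpace account by clicking '
                '<a href="http://accounts-update.example/login">here</a>. '
                '<a href="https://www.myspace.com/help">Help</a></p>')
SAMPLE_PROMPT = ('<p>New MySpace Update Tool: '
                 '<a href="http://accounts-update.example/tool.exe">download</a></p>')


class LinkCollector(HTMLParser):  # collects the href of every <a> element
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)


def host_belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def audit_links(html_body):
    """Return (host, reasons) for links that name the brand but point elsewhere."""
    mentions_brand = "myspace" in html_body.lower()
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # skip mailto:, relative and other non-web links
        reasons = []
        if mentions_brand and not host_belongs_to(url.hostname, BRAND_DOMAIN):
            reasons.append("brand-mismatch")
        if url.path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("executable-download")
        if reasons:
            findings.append((url.hostname, reasons))
    return findings
```

Calling `audit_links(SAMPLE_EMAIL)` flags only the placeholder host, while `audit_links(SAMPLE_PROMPT)` reports both a brand mismatch and an executable download.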