MySpace malware poses as Windows update
By Matthew Sparkes
Posted on 15 Jan 2008 at 07:52
MySpace users are at risk from hacked profile pages that attempt to install malware disguised as legitimate Windows updates, warns McAfee.
"In this latest social engineering scenario an attacker sends a new 'friend request' to MySpace users. When the user clicks on the picture or name of their new potential friend, an overlaid image of what looks like a legitimate Windows 'Automatic Update' pop-up box is displayed," claims a McAfee security alert on the Avert Labs blog.
If the user clicks on this fake update request then the browser will attempt to download a "malware cocktail" that McAfee believes to consist of additional downloaders, several trojans and a remote administration tool that could provide hackers with access to a user's PC.
Last week the rival social networking site, Facebook, was forced to remove the Secret Crush application after claims emerged that it attempted to install malware on to users' PCs.
MySpace has not been available for comment.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
advertisement
Printed from www.pcpro.co.uk