Friday, January 11, 2008
MySpace page fakes Microsoft security update, installs malware
McAfee has reportedly claimed that a MySpace profile is serving up a fraudulent Microsoft security update that attempts to load malware if clicked. The attack scenario requires sending new friend requests to MySpace users. If you click on the person's picture or name link to view their profile a profile page appears, overlaid with an apparently legitimate Windows 'Automatic Updates' pop-up box. Clicking on (or even near) the pop-up creates a request for a file download a fake Microsoft update called 'updateKB890830.exe' from a server.
The profile supposedly belongs to a 42 year old woman from Arkansas, and appears to exist solely for the purpose of spreading the malicious program. McAfee says that both Microsoft and MySpace have been contacted. However, as of now the page is still available on the Myspace site.
About the Author
bored_product_guy / Author & Editor
Has laoreet percipitur ad. Vide interesset in mei, no his legimus verterem. Et nostrum imperdiet appellantur usu, mnesarchum referrentur id vim.