Rather than sending a fake email from a financial institution, a phisher is using the popular social networking site MySpace.com to dupe people into giving up their personal information and download malware.
Researchers at Trend Micro’s TrendLabs content security recently discovered the attack. The email message contains a spoofed MySpace login page. A popup window requires the user to download a new profile object, and ultimately, a gullible user can be duped into downloading two malicious files. The files, a Trojan and a backdoor program, work together to steal even more data on the victim.
It’s not easy to navigate away from the site, Trend said. The page won’t close until the files are downloaded or the user opens Microsoft’s Task Manager to terminate the browser session.