Security news
Security news13 October 2006
Spam campaign attempts to phish MySpace music fans, warns Sophos "Money money money" drives music store spam attack
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an aggressively distributed spam campaign that uses the name of the popular MySpace social networking site in an attempt to phish information from music lovers. The emails have been spammed out to hundreds of thousands of computer users around the globe in the last week, luring them into clicking on links to a website posing as an online music store.
The subject headings of the spam emails typically read: 'New message from <name> on MySpace sent on <date> <time>'. Using the guise of a MySpace contact email, the spammers heighten the chances of potential victims opening the email. The message in the email then informs the user, 'You've got a new song from <name> on MySpace!', and invites them to click on a link to hear 'your MySpace music'.
The emails claim to point you to music on MySpace.
However, rather than taking users to the MySpace website, it directs them to a site claiming to sell MP3 music, and encourages them to pay to download music. The site, which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, has no affiliation with the social networking website.
"By making the headlines nearly everyday the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes," said Graham Cluley, senior technology consultant at Sophos. "This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted. Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information into the hands of spammers."
Surfers who click on the link are not taken to MySpace but a website claiming to sell music downloads.
Sophos notes that in their pretence to come from MySpace and make their email appear legitimate, the spammers even include fake MySpace boilerplate text in their message:
-
At MySpace we care about your privacy. We have sent you this
notification to facilitate your use as a member of the MySpace service. If
you don't want to receive emails like this to your external email account
in the future, change your Account Settings to "Do not send me
notification emails"
Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.
Do you know how many employees are running virtualisation software on their PCs?
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
