New MySpace Spam Recruits BotsNew MySpace Spam Recruits Bots

ATLANTA -- Spammers have launched a new malicious spam campaign that exploits social networking site MySpace, Marshal’s TRACE team announced today. The spam is designed to infect unsuspecting email recipients’ PCs with malware that converts their computer into a botnet zombie.

The spam email purports to be an invitation from a ‘Friend’ to join MySpace. The message contains a link when clicked transfers the user to a fake, but authentic looking MySpace website. The user is then told they need to update their Adobe Flash Player to use the site properly and should download the latest version.

The download is, in reality, malware which installs more components from the Web to convert the now infected computer into part of a spam botnet. Within minutes the new zombie computer begins sending duplicate messages of the bogus MySpace invitation interspersed with phishing emails targeting a major US bank.

“We saw sites such as YouTube targeted in these kinds of malware distribution campaigns last year. It follows that social networking sites would be next on the spammers list of targets to exploit, although this newest campaign arrived a little sooner that expected. This attempt to exploit MySpace is simplistic but effective,” said Bradley Anstis, Marshal’s VP of Products.

MySpace