Published: November 04 2009, 12:17 AM
by Mary Grace Gabriel

Fake Myspace email on the loose

Does this spammed email look familiar? Yes, It sure does! Just last week I blogged last week about spammed email containing a Subject such as "Facebook Password Reset Confirmation”. This time, the only difference is that the spammed email [see Figure 1] is disguised as a notification email from another famous Social Networking sites, Myspace.

                                               [Figure 1 – Fake Myspace email]

The email contains the Subject: Myspace Password Reset Confirmation

The email contains the Body:

--------------------------------------------------------------------------------------------------------

Hello,

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Myspace Team

--------------------------------------------------------------------------------------------------------

The email contains a malicious zipped file attachment with the filename myspace_94357.zip. This file is detected by CA as a Win32/Zbot variant.

"The Authority" Social Engineering Campaign

Don’t be too eager to open attachments on emails that you believe were sent by your "Boss” or by your "Darling".

Early this week, CA Research Labs have received new spammed email messages making those claims.

The first spammed email claims to be a message from your "Boss" [Figure 2] and instructs you to read the attached letter contained in the file "info.zip". Unfortunately, the content of the zipped file is not a letter from your boss but a variant of a malicious Trojan Family.

                                               [Figure 2 – Email from Fake Boss]

The email contains the Subject: get back to my office for more details

The email contains the Body:

--------------------------------------------------------------------------------------------------------

Please read the attached letter and get back to my office for more details to proceed further.

Thanks and have a very nice day.

--------------------------------------------------------------------------------------------------------

The email contains a malicious zipped file attachment with the filename "info.zip". This file is detected by CA as a Win32/Cutwail variant.

The second spammed email claims to be a message from your "Darling" [Figure 3] and tease you to view the photo contained in the file "photo.zip".

                                               [Figure 3 – Email from Fake Darling]

The email contains the Subject: Hello Darling

The email contains the Body:

--------------------------------------------------------------------------------------------------------

Hi, how are you? My photos Which I promised in attached file

----------------------------------------------------------------------------------------------------------

The email contains a malicious zipped file attachment with the filename "photo.zip". This file is detected by CA as a Win32/Zbot and Win32/Cutwail variant.

Again, we advise users to beware of these kinds of emails and ensure that your CA Security Products are updated with the latest signatures.

Share this post:  Email

Share