Press Releases

Browse our press release archive

13 Oct 2006

Spam campaign attempts to phish MySpace music fans, warns Sophos

"Money money money" drives music store spam attack

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of an aggressively distributed spam campaign that uses the name of the popular MySpace social networking site in an attempt to phish information from music lovers. The emails have been spammed out to hundreds of thousands of computer users around the globe in the last week, luring them into clicking on links to a website posing as an online music store.

The subject headings of the spam emails typically read: 'New message from <name> on MySpace sent on <date> <time>'. Using the guise of a MySpace contact email, the spammers heighten the chances of potential victims opening the email. The message in the email then informs the user, 'You've got a new song from <name> on MySpace!', and invites them to click on a link to hear 'your MySpace music'.

The emails claim to point you to music on MySpace

The emails claim to point you to music on MySpace.

However, rather than taking users to the MySpace website, it directs them to a site claiming to sell MP3 music, and encourages them to pay to download music. The site, which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, has no affiliation with the social networking website.

"By making the headlines nearly everyday the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes," said Graham Cluley, senior technology consultant at Sophos. "This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted. Anyone who follows the links expecting to get free music, however, is risking handing their email address, credit card numbers and other private information into the hands of spammers."

Surfers who click on the link are not taken to MySpace but a website claiming to sell music downloads

Surfers who click on the link are not taken to MySpace but a website claiming to sell music downloads.

Sophos notes that in their pretence to come from MySpace and make their email appear legitimate, the spammers even include fake MySpace boilerplate text in their message:

At MySpace we care about your privacy. We have sent you this notification to facilitate your use as a member of the MySpace service. If you don't want to receive emails like this to your external email account in the future, change your Account Settings to "Do not send me notification emails"

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.