Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have warned of
an aggressively distributed spam campaign that uses the name of the
popular MySpace social networking site in an attempt to phish
information from music lovers. The emails have been spammed out to
hundreds of thousands of computer users around the globe in the
last week, luring them into clicking on links to a website posing
as an online music store.
The subject headings of the spam emails typically read: 'New
message from <name> on MySpace sent on <date>
<time>'. Using the guise of a MySpace contact email, the
spammers heighten the chances of potential victims opening the
email. The message in the email then informs the user, 'You've got
a new song from <name> on MySpace!', and invites them to
click on a link to hear 'your MySpace music'.
The emails claim to point you to music on
MySpace.
However, rather than taking users to the MySpace website, it
directs them to a site claiming to sell MP3 music, and encourages
them to pay to download music. The site, which only had its domain
name registered on 5 October and claims to be based in Lappeenranta
in Finland, has no affiliation with the social networking
website.
"By making the headlines nearly everyday the MySpace brand has
quickly become a household name, with 43 million users now signed
up. As a result, it was only a matter of time before spammers
jumped on its popularity for illegal purposes," said Graham Cluley, senior
technology consultant at Sophos. "This email has been so
aggressively spammed out that many of its recipients are not even
MySpace users, so common sense should tell them the email is
unsolicited and is to be deleted. Anyone who follows the links
expecting to get free music, however, is risking handing their
email address, credit card numbers and other private information
into the hands of spammers."
Surfers who click on the link are not taken to
MySpace but a website claiming to sell music downloads.
Sophos notes that in their pretence to come from MySpace and
make their email appear legitimate, the spammers even include fake
MySpace boilerplate text in their message:
At MySpace we care about your privacy.
We have sent you this notification to facilitate your use as a
member of the MySpace service. If you don't want to receive emails
like this to your external email account in the future, change your
Account Settings to "Do not send me notification emails"
Sophos continues to recommend that all organizations protect
their email with an integrated security
solution to thwart spam, spyware and malware threats.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.