20 Mar 2007
MySpace malware could steal information from web users
Companies advised to enforce policies over access to social networking websites
IT security and control firm Sophos has advised companies to set
policies over which websites users can visit during work hours,
following the discovery of more malicious code posted on the
MySpace social networking website.
The SpaceStalk spyware
Trojan horse has been discovered embedded in a QuickTime movie on
the MySpace page of MAMASAID, a French rock band. The Javascript
code downloads further malicious code from the net designed to
steal information.
A malicious script has been found on the French
rock band's MySpace page.
"MySpace is phenomenally popular - but sadly not just with
teenagers trying to keep in touch and internet-savvy pop groups.
Hackers are also interested in stealing information from MySpace
users," said Graham
Cluley, senior technology consultant for Sophos. "Companies are
becoming concerned that workers are visiting social networking
websites, not just because it can distract from real work - but
also because it may introduce malware into the workplace."
Sophos customers have been automatically protected against the
SpaceStalk malware since 15:02 GMT on 16 March 2007. Users of
Sophos's WS1000 Web Security
Appliance can set policies over which websites are acceptable
to access during the working day.
Sophos continues to recommend that all organizations protect
their email with an integrated security
solution to thwart spam, spyware and malware threats.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.