Press Releases

Browse our press release archive

20 Mar 2007

MySpace malware could steal information from web users

Companies advised to enforce policies over access to social networking websites

IT security and control firm Sophos has advised companies to set policies over which websites users can visit during work hours, following the discovery of more malicious code posted on the MySpace social networking website.

The SpaceStalk spyware Trojan horse has been discovered embedded in a QuickTime movie on the MySpace page of MAMASAID, a French rock band. The Javascript code downloads further malicious code from the net designed to steal information.

MAMASAID on MySpace
A malicious script has been found on the French rock band's MySpace page.

"MySpace is phenomenally popular - but sadly not just with teenagers trying to keep in touch and internet-savvy pop groups. Hackers are also interested in stealing information from MySpace users," said Graham Cluley, senior technology consultant for Sophos. "Companies are becoming concerned that workers are visiting social networking websites, not just because it can distract from real work - but also because it may introduce malware into the workplace."

Sophos customers have been automatically protected against the SpaceStalk malware since 15:02 GMT on 16 March 2007. Users of Sophos's WS1000 Web Security Appliance can set policies over which websites are acceptable to access during the working day.

Sophos continues to recommend that all organizations protect their email with an integrated security solution to thwart spam, spyware and malware threats.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.