MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Tuesday, 15 January 2008

MySpace Storm...

It seems that the Storm Worm Gang have finally changed their social engineering tactic from the New Year e-cards that we have been seeing since the 26th of December until the 2nd of January when they sent out their last new version of that particular tactic!

So, what are they now using to get you to infect your computer? They are using fake MySpace invite e-mails which contain links to phishing-quality fake MySpace websites.

This seems rather spooky as I was blogging about social network engineering on the 4th of January!

Here's a screenshot of what just one of these new MySpace-based e-mails looks like:





The body text can be one of a number of fake names and text strings. The rest of the e-mail, including the links, appears to be fairly static, at the moment, anyway. Once more the link is an actual domain name, rather than the more usual IP address based links that the Storm Worm gang used to use.

Of course, when you click on the link you go to a very professional, but fake MySpace site.

Here is a screenshot of the web page you could end up on if you click on the link in one of these fake MySpace themed e-mails.



In fact there are several links in the e-mail which take you to different domain names, all under the control of the Storm Worm gang.

Here's another example showing another domain name in use.



The message shown is fake, and the 'install_flash_player.exe' file offered isn't genuine. In other words, if you are unwise enough to download the file and run it, you won't get a copy of Flash Player installed; you will get a bot installed instead, and your computer will join one of the many Storm Worm botnets.

Just to make it crystal clear, the file offered on this site will NOT install or update Flash Player. All that will happen is that your computer will be infected and turned into a zombie (a bot-infected computer that is part of a botnet), if it is not protected by any mitigating technologies, such as up-to-date anti-virus, and so on.

At the time of publishing this entry, detection was still very patchy, with a number of the top anti-virus products not detecting the malware-laden file as infected. You have been warned.

As mentioned before, please do not go to these sites and download the files offered, as they are real, live, malware.
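As an added example (not code from this blog or its author), the sketch below triages an HTML e-mail that claims to be a MySpace invite: it lists every link host outside myspace.com and separates domain-name links, as used in this run, from raw-IP links, as used in earlier Storm runs. The sample message, its `.example` hosts and the function name `triage_invite` are constructed for illustration.

```python
import ipaddress
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "myspace.com"  # the brand the invite claims to come from

# Constructed sample message; the .example hosts are placeholders, not real indicators.
SAMPLE = """\
From: MySpace <invite@mail.example>
Subject: You have a new friend invite
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Anna wants to be your friend on MySpace!</p>
<a href="http://myspace-invites.example/accept">Accept invite</a>
<a href="http://friends-myspace.example/profile">View profile</a>
<a href="http://www.myspace.com/help">Help</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_ip(host):
    """True when the link host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage_invite(raw):
    """Split link hosts in a MySpace-themed mail into off-brand domains and raw IPs."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    hosts = {(urlsplit(h).hostname or "").lower() for h in collector.hrefs} - {""}
    off_brand = sorted(h for h in hosts
                       if h != BRAND and not h.endswith("." + BRAND))
    return {"off_brand_domains": [h for h in off_brand if not is_ip(h)],
            "ip_literal_hosts": [h for h in off_brand if is_ip(h)]}
```

Calling `triage_invite(SAMPLE)` reports two off-brand domains in a single invite, which matches the pattern described above of several links pointing at different look-alike domains.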

More details on the file currently being offered can be found here on my VSUB blog, complete with detection results at the time of publishing.

No doubt I'll be updating this post in the next day or so, as the Bad Guys and Girls tinker with their latest social engineering technique, or they change it to a new one...

As I post this I have now received over FIFTY of the fake MySpace invite e-mails!
