Mass MySpace spam attack as phishers strike

Reports are spreading of a mass spamming campaign organised by phishers which uses spoofed MySpace addresses to direct users to bogus web sites.

The ruse uses spoofed MySpace messages, that even contain the regular site boilerplate copy, claim to have a link to a song the recipient might like. Instead the link leads to a site selling very cheap music, but when the user tries to buy then the credit card details are harvested for later use.

"This email has been so aggressively spammed out that many of its recipients are not even MySpace users, so common sense should tell them the email is unsolicited and is to be deleted," said Graham Cluley, senior technology consultant at Sophos.

"By making the headlines nearly everyday, the MySpace brand has quickly become a household name, with 43 million users now signed up. As a result, it was only a matter of time before spammers jumped on its popularity for illegal purposes."

In addition, the sender's email server is positively spoofed; one detection originated from a bank in Japan. The site, which only had its domain name registered on 5 October and claims to be based in Lappeenranta in Finland, has no affiliation with the social networking website.

"This kind of deception resembles criminal renting a Porsche and trying to pass it off as his or her own in order to gain the trust of innocent victims," said Bryan Lu, virus researcher for Fortinet.