Beware the MySpace Password Reset Confirmation malware attack

Graham Cluley
@gcluley

Malicious hackers are spamming out messages claiming to come from MySpace’s support team, informing unsuspecting users that as a “safety” measure their password has been changed.

Of course, the emails aren’t really from support@myspace.com, and users who open the attached file risk infecting their computer with malware.

A typical email looks like the following:

Subject: Myspace Password Reset Confirmation! Your Support
Attached file: password.zip
Message body:

Hey <name1@example.com>
<name2@example.com>,
<name3@example.com>,
<name4@example.com>,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Myspace Team.

Sophos products are intercepting...

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.