Beware the MySpace Password Reset Confirmation malware attack

Malicious hackers are spamming out messages claiming to come from MySpace’s support team, informing unsuspecting users that as a “safety” measure their password has been changed.

Of course, the emails aren’t really from [email protected], and users who open the attached file risk infecting their computer with malware.

Bogus MySpace password reset confirmation email

A typical email looks like the following:

Sign up to our free newsletter.
Security news, advice, and tips.

Subject: Myspace Password Reset Confirmation! Your Support
Attached file: password.zip
Message body:

Hey <[email protected]>,
<[email protected]>,
<[email protected]>,
<[email protected]>,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Myspace Team.

Sophos products are intercepting a large number of malicious emails exhibiting these characteristics, detecting them as both spam and malware. Sophos anti-virus solutions detect the attached file as containing the Mal/EncPk-NP or Mal/BredoZp-B malware.

Once again, social networks are being used as the hook to trick innocent internet users into infecting their computers.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.