Avert Labs

Late last Friday, Avert Labs became aware of an interesting piece of malware. In this latest social engineering scenario an attacker sends a new “friend request” to MySpace users. When the user clicks on the picture or name of their new potential friend, an overlaid image of what looks like a legitimate Windows “Automatic Update” pop-up box is displayed. Clicking on or near this bogus dialog will result in a request for a file download that is visually disguised as a Microsoft update called “updateKB890830.exe” from a server named “winxpupdate.Microsoft[removed]”.