- Rogue Security Applications Being Pushed On Myspace
If you happened to open up certain profiles on Myspace these past few days, you'd have the misfortune of seeing the following appear in the middle of your screen:
That's a vaguely scary thing to have appear on a Myspace profile, because you just know it's going to be pressed a ridiculous amount of times. Upon downloading the file, if the user runs it, when using Internet Explorer they'll see some of the below sights:
Of course, no hijack like this would be complete without some fake Taskbar warnings, right?
If you click on either the popups or the hijacked IE banner you're taken to a site called Antispysolutions.com:
Time for a quick detour. Here's some coverage of one of the programs, Spy Away, from March of this year. Have a look at the fake "detection" in the detections box - note that it simply says "Sistray.exe". Apparently the application and / or site vanished for a while. Well, fast forward to the present day and if you download and run the executable, you'll see a very interesting difference:
...the application claims to "detect" 180 Solutions (Zango), along with a few other items. This is done by downloading some "dummy" files that the scanner then magically finds. The files themselves don't do anything as far as we can tell apart from sit there and feed the results of the scanner - of course, they aren't legitimate Zango executables. Here's a screenshot of some of the files deposited onto the PC:
Myspace users would do well to give these so-called security applications a miss. This particular install works best on Windows 2000 - if the user is on XP, there's a good chance nothing will happen. Thanks to LoLo for the tipoff.
Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Peter Jayaraj, FSL Threat Researcher