Select Page

My colleague John LaCour over MarkMonitor shared this one with me. It just goes to show how social networks can be used to spawn malware (as Dan Hubbard at WebSense describes it, “Web 2 dot uh oh”). When you give anyone in the world the ability to rapidly and anonymously create web pages, and then invite “friends”, you’re asking for trouble.

John got an invite saying “Jocelyn wants to be my friend”. The invite has showed a picture of a young lady in a bikini.

Jocelyn199123812312321

(Perhaps a more accurate portrayal might be here).

Once you check Jocelyn’s profile, you get a link to download the Zlob trojan, from http://privatemsprofiles(dot)net/download(dot)php.

Myspace91991233

(Obviously, don’t download this trojan, and don’t go to Jocelyn’s profile unless you’re in a virtual machine.)

Incidentally, do you want to guess what the number one piece of spyware out there is? Zlob. You can see this right on the front page of our research center, which pulls live threat stats from our ThreatNet network. (Zlob is a trojan that downloads as a fake “Codec”, purporting to be requried in order for you to view a video clip.)

Threatnet1293123123123123

What’s really sad is all those people that you can see on Jocelyn’s profile who have been pwned.

Alex Eckelberry