Hi5 "Add Friend" Malicious Spam

Date: 10.13.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new malicious, visual social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site Hi5.

The email is written in Spanish and is spoofed to appear as if it comes from the domain hi5.com, an official domain Hi5 uses for outbound emails that notify its users of an event.

Hi5 commonly sends an email to notify a user when another Hi5 user adds them as a friend on the social network. In this campaign, however, the spammers embedded malicious links and a fake friend photograph to entice the recipient to click on them, which leads to a download of a Trojan horse (md5: 5f6b089f0048e6510c78bb38a3909b9c). The malicious application aims to steal confidential logins for a popular Mexican bank.

Antivirus detection of this banker Trojan is low.

A fake Hi5 friend request is included in the body of the email. We have previously alerted on a similar attack relating to Facebook "add friend" Malicious Spam. This clearly indicates that spammers and malware authors are increasingly targeting Web 2.0 sites to carry out their attacks.

Screenshot of the email:

Websense Messaging and Websense Web Security customers are protected against this attack.