FYI...

- http://blog.trendmicro.com/phishers-drop-myspace-bait/
June 9, 2008 - "...new phishing attack that leads to the download of malware. However, unlike most instances where phishing baits are usually banks, credit unions or other financial institutions, this time it uses the popular social networking Web site MySpace.com. The phishing URL may be contained in spammed email messages. Once recipients of said messages click or visit the URL, it displays a spoofed MySpace login page. It also uses a popup window declaring a supposed MySpace profile object error and requires that the user download the new version of a new MySpace profile object. Therein lies the trick: When the user clicks the “continue” button, malicious files are not only downloaded but also automatically installed. The said malicious files are detected as TROJ_ZLOB.GUZ and BKDR_IRCBOT.BGY... And if the user tries to exit the page, it will not close until the said file is downloaded. To exit, a user needs to terminate the program using Task Manager... phishing URL hxxp ://{BLOCKED}ce404-error.farvista.net/myspace.php ..."

(Screenshot available at the URL above.)