MySpace users have yet another concern to keep them on the lookout: a bogus profile on the popular social networking site is being used to push a new malware attack
. According to McAfee, the attack starts as a friend request that, when clicked on, pops up what appears to be a legitimate Automatic Update window.
In reality, the popup window is just part of a larger image that takes up most of the computer screen. By clicking anywhere on this image the browser will attempt to download a “malware cocktail” that McAfee believes to consist of additional downloaders, several Trojans and a remote administration tool. According to McAfee, this attack has worked because hackers have either discovered a flaw in the MySpace code or found a way to take over user accounts.
This isn’t the first time MySpace profiles have been targeted by hackers to distribute their malware. In November 2007, hackers found a way to serve up malicious code from the MySpace profiles of Alicia Keys and a number of other artists.