Security analysts at McAfee have discovered a booby-trapped MySpace profile page that contains malware on users by recreating a Windows Update down the centre of the profile.
The image (seen below, image from The Register) looks authentic enough to those who are uninformed. It is superimposed over the profile page of someone named “Rita”. Clicking on the picture or anywhere near the ‘window’ will initate a window that will unleash the malware which includes downloaders, trojans and backdoors from multiple servers.
The attackers are sending requests to be friends with other MySpace users in the hope of getting them to click on the link. The downloads appear to be coming from Malaysia and Ukraine.
McAfee have contacted MySpace, but The Register is claiming it is still active. We do not know, as we don’t have the link.
If you have the Firefox extension NoScript will not save you, but common sense will. If you are also running McAfee’s security products, you do have a safety net – it will recognize the malware and will stop the installation.