MySpace malware poses as Windows update
MySpace users are at risk from hacked profile pages that attempt to install malware disguised as legitimate Windows updates, warns McAfee.
“In this latest social engineering scenario an attacker sends a new ‘friend request’ to MySpace users. When the user clicks on the picture or name of their new potential friend, an overlaid image of what looks like a legitimate Windows ‘Automatic Update’ pop-up box is displayed,” claims a McAfee security alert on the Avert Labs blog.
If the user clicks on this fake update request then the browser will attempt to download a “malware cocktail” that McAfee believes to consist of additional downloaders, several trojans and a remote administration tool that could provide hackers with access to a user’s PC.
Last week the rival social networking site, Facebook, was forced to remove the Secret Crush application after claims emerged that it attempted to install malware on to users’ PCs.
MySpace has not been available for comment.