Malware discovered alive and kicking on MySpace

According to McAfee Avert Labs, an attacker sends a ‘new friend’ request to MySpace users. When the user clicks on the picture or name of their new ‘friend’, an overlaid image of what looks like a legitimate Windows automatic update pop-up box is displayed. Clicking on or near this bogus dialogue results in a request for a file download that is visually disguised as a Microsoft update designated ‘updateKB890830.exe’ from a server named “winxpupdate.Microsoft[removed]”. Instead of an update, however, this download contains a malware cocktail containing additional downloaders, several Trojans, as well as a remote admin tool. McAfee is advising users to be aware of dialogues that have abnormal properties. “One such property may be that the dialogue disappears when the web browser is minimised. If this is the case, then the dialogue is probably an image rendered within the context of a web browser and is not a legitimate update. McAfee AV users were proactively protected against this threat.” McAfee says it has also found that the downloads appear to come from Malaysia and the Ukraine. The malicious MySpace profile is still live, even though MySpace and Microsoft have both been notified. “MySpace users should beware of friend requests from people they don't know and be cautious when surfing MySpace profiles. McAfee security software will actively recognise the malware and stop its installation, so McAfee customers are currently protected against this particular pest,” says the company.