Doom watchers at McAfee have discovered a booby-trapped MySpace page that foists malware on users by spoofing a Microsoft update down the center of the profile.
The image (right) looks authentic enough to the drunk and uninformed. It is superimposed over the profile of a MySpace user who goes by the name of Rita. Clicking on the pic, or anywhere near it, initiates a download window that, if accepted, unleashes a malware cocktail that includes downloaders, Trojans and backdoors from multiple servers.
Attackers are sending friend requests to MySpace users in the hopes of getting them to click on the poisoned link. The downloads appear to come from Malaysia and the Ukraine.
McAfee researchers have contacted MySpace. The page, however, remained active as of time of writing of this article.
And so we find another strong endorsement for safe browsing practices. The Firefox extension NoScript won't save you this time, but common sense will. If a nubile hotty that's half your age and that you've never met sends a message asking to be your friend, odds are good you're being scammed.
Those running McAfee security software have a safety net. It recognizes the malware and stops its installation.
Source:→ The Register
Security, Vulnerability, MySpace, Website, Page, Web Page, Social Network, Malware, Exploit, Spoofing, Microsoft, Update, Microsoft, Update