McAfee Avert Labs on Friday reported a Trojan horse attack, disguised as a Microsoft update, on a particular MySpace profile.
Attackers send friend requests to targeted MySpace users. Clicking on the person’s picture or name link loads a profile page with what looks like a legitimate Windows Automatic Updates pop-up box. When the user clicks the pop-up, it triggers a request to download a file masked as a Microsoft update called “updateKB890830.exe” from a server that includes “winxpupdate.Microsoft” in its name.
“The file in actuality is a true malware cocktail,” McAfee said. “If installed and run, it downloads programs from multiple servers that in turn download more malware in addition to Trojans, and a remote control tool.”
Initially, McAfee thought the downloaded files appeared to come from China, but Avert Labs determined that the IP address belongs to an ISP in Malaysia, with further downloads directed from the Ukraine.
The malicious MySpace profile is still live, McAfee said late Friday. MySpace and Microsoft have both been notified. Users should beware of friend requests from people they don’t know and be cautious when surfing MySpace profiles.
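
The lure described above pairs a KB-style executable name with a server name that merely contains “winxpupdate.Microsoft”. The following Python check is an added example, not code from McAfee or from the original article; it flags such downloads in a list of requested URLs. The trusted-domain list, the function names and every sample URL (including the `example.test` hosts and the path on `download.microsoft.com`) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only domains this site accepts for Microsoft downloads.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")
# Brand strings an attacker may embed in a hostname to look legitimate.
BRAND_TOKENS = ("microsoft", "windowsupdate", "winxpupdate")
# File names shaped like the lure in the article, e.g. updateKB890830.exe.
KB_EXE = re.compile(r"kb\d{6,7}[^/]*\.exe$", re.IGNORECASE)


def is_trusted_host(host):
    """True only if host IS a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify_download(url):
    """Return a list of reasons the URL looks like a fake update, or None."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    filename = parts.path.rsplit("/", 1)[-1]
    if is_trusted_host(host):
        return None
    reasons = []
    if any(token in host for token in BRAND_TOKENS):
        reasons.append("brand-in-hostname")
    if KB_EXE.search(filename):
        reasons.append("kb-named-executable")
    return reasons or None


def scan(urls):
    """Return (url, reasons) pairs for every suspicious URL in the input."""
    hits = [(u, classify_download(u)) for u in urls]
    return [(u, r) for u, r in hits if r]


# Constructed sample requests, as they might appear in a web proxy log.
SAMPLE_URLS = [
    "http://winxpupdate.microsoft.example.test/updateKB890830.exe",
    "https://download.microsoft.com/constructed/path/windows-kb890830.exe",
    "http://notmicrosoft.com/updateKB890830.exe",
    "http://files.example.test/setup.exe",
]

if __name__ == "__main__":
    for url, reasons in scan(SAMPLE_URLS):
        print(url, "->", ", ".join(reasons))
```

The suffix comparison matters: a hostname is trusted only when it ends at a dot boundary with a listed domain, so a name that places the brand in a leading label, or glues it onto another word, is still flagged.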