Security researchers have discovered a number of user pages on MySpace containing what appear to be YouTube videos that come bundled with a Zango Cash adware installer, an application that loads intrusive pop-up advertising software onto infected PCs.

Users curious about the Windows Media videos are directed to a site called "Yootube.info". The site - which is nothing to do with the Google owned naff clip site - has a picture of a scantily clad young woman on its front page.

Surfers lured onto the site via the MySpace link are invited to accept an end-user licensing agreement in order to watch the video. If the user accepts, the video downloads while covertly attempting to install Zango Cash, net security firm WebSense reports (http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=689). The attack uses a type of Windows DRM loophole previously used (http://www.theregister.co.uk/2005/01/13/drm_trojan) to spread Trojans and other malware.

Last Friday, the US Federal Trade Commission reached a settlement with Zango (PDF (http://www.ftc.gov/os/caselist/0523130/0523130agree061103.pdf)) over complaints about sneaky adware installs made by its affiliates. Zango (formerly know as 180Solutions) agreed to pay $3m and to be bound over by an agreement to make sure its widely criticised software apps are only installed with consent.

For its part, Zango said (http://www.zango.com/Destination/Corporate/ReadArticle.aspx?id=55f) it's cleaned up its act. The MySpace attack suggests that Zango still has some way to go in putting its house in order. ®

Related stories

Secret Crush widget spreads adware on Facebook (4 January 2008)
http://www.channelregister.co.uk/2008/01/04/facebook_adware/
Zango abandons PC Tools adware lawsuit (29 August 2007)
http://www.channelregister.co.uk/2007/08/29/zango_pc_tools_lawsuit_dropped/
Is that YouTube clip you just watched booby trapped? (20 June 2007)
http://www.theregister.co.uk/2007/06/20/youtube_security/
Judge pours generous portion of cold water on Zango (6 June 2007)
http://www.channelregister.co.uk/2007/06/06/zango_request_denied/
Adware firm sues over adware classification (18 May 2007)
http://www.theregister.co.uk/2007/05/18/zango_sues_pc_tools/
MySpace to be co-opted into Month of Bugs (20 March 2007)
http://www.channelregister.co.uk/2007/03/20/myspace_momby/
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
http://www.theregister.co.uk/2007/03/16/myspace_quicktime_exploit/
Old adware habits hard to break for AT&T and Travelocity (16 March 2007)
http://www.theregister.co.uk/2007/03/16/naughty_att_priceline_ads/
Webmaster pays $3,300 to settle malware charges (1 March 2007)
http://www.theregister.co.uk/2007/03/01/ftc_spyware_settlement/
Hackers debut Mac OS X adware (24 November 2006)
http://www.channelregister.co.uk/2006/11/24/mac_os_x_adware/
Spyware firms pay token fines to FTC (22 November 2006)
http://www.channelregister.co.uk/2006/11/22/ftc_spyware_settlement/
Malware goes to the movies (16 November 2006)
http://www.channelregister.co.uk/2006/11/16/movies_gets_malware/
Google posts Kama Sutra worm (9 November 2006)
http://www.channelregister.co.uk/2006/11/09/google_kam_sutra_worm_snafu/
German music publishers demand YouTube royalties (9 November 2006)
http://www.theregister.co.uk/2006/11/09/german_publishers_demand_royalties/
FTC fines notorious adware firm $3m (3 November 2006)
http://www.theregister.co.uk/2006/11/03/ftc_fines_zango/
Adware firm 180solutions in image makeover (28 June 2005)
http://www.channelregister.co.uk/2005/06/28/180_image_makeover/
Trojans exploit Windows DRM loophole (13 January 2005)
http://www.theregister.co.uk/2005/01/13/drm_trojan/
180solutions answers pop-up charges (30 July 2004)
http://www.theregister.co.uk/2004/07/30/180solutions_letter/
Pop-up goes the commission (28 July 2004)
http://www.theregister.co.uk/2004/07/28/affiliate_network_controversy/