Doom watchers at McAfee have discovered a booby-trapped MySpace page that foists malware on users by spoofing a Microsoft update down the center of the profile.

The image (below) looks authentic enough to the drunk and uninformed. It is superimposed over the profile of a MySpace user who goes by the name of Rita. Clicking on the pic, or anywhere near it, initiates a download window that, if accepted, unleashes a malware cocktail that includes downloaders, Trojans and backdoors from multiple servers.

Attackers are sending friend requests to MySpace users in the hopes of getting them to click on the poisoned link. The downloads appear to come from Malaysia and the Ukraine.

McAfee researchers have contacted MySpace. The page, however, remained active as of time of writing of this article.

And so we find another strong endorsement for safe browsing practices. The Firefox extension NoScript won't save you this time, but common sense will. If a nubile hotty that's half your age and that you've never met sends a message asking to be your friend, odds are good you're being scammed.

Those running McAfee security software have a safety net. It recognizes the malware and stops its installation. ®

More comments…

Related stories

Image uploader bug blights MySpace (1 February 2008)
MySpace wins UK domain name that pre-dated its service (29 January 2008)
Drive-by download menace spreading fast (23 January 2008)
MySpace reveals child predator blocks (14 January 2008)
Contest seeks the most diminutive XSS worm (5 January 2008)
Firefox spoofing bug raises phishing fears (4 January 2008)
Beware of pickpockets and malware-laced banner ads (4 January 2008)
Portuguese-speaking worm attacks Google Orkut users (19 December 2007)
MySpace celebrity hacker downs hacking forum (7 December 2007)