MySpace page serves up fake Microsoft security update

Clicking the fraudulent update could install malicious code on your desktop.

According to security vendor McAfee, one of the profiles on MySpace currently serves up a fraudulent Microsoft security update that, if clicked, attempts to load malicious software. The profile of a 42-year-old woman from Arkansas appears to exist solely for the purpose of infecting visitors. McAfee says that both Microsoft and MySpace have been contacted.

Joris Evers, publicity director at McAfee, says "attackers send unwitting MySpace users a friend request, asking them to become friends with 'Rita.' When the user clicks to see who 'Rita' is they are sent to the profile that serves up malware." The profile page is "overlaid with what looks like a legitimate Windows 'Automatic Updates' pop-up box. Clicking on or near the pop-up results in a request for a file download masked as a Microsoft update called 'updateKB890830.exe' from a server that includes 'winxpupdate.Microsoft' in its name."

As of now the page is still available on the MySpace site. McAfee says its customers are protected. CNET tested ZoneAlarm and a few other security apps that also blocked access to the malicious code.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

The problem with hoarding photos on your phone

Do you have hundreds (or thousands) of photos on your phone? This one's for you.

by Sharon Profis