As the number of applications and programs written for social networking sites like MySpace increases, the number of Trojans and worms written specifically for these sites is also on the rise. Online criminals are now targeting MySpace by trying to trick users into downloading a Trojan, which is disguised as a Microsoft update. These MySpace hackers are using a fake profile.
The Trojan, known as TFactory, is a well-known piece of code that has been used by criminals for more than a year, PC World reported Saturday. The attack is not widespread and security company McAfee has observed it only on Web sites like MySpace, PC World said, citing information from McAfee security research manager Dave Marcus.
Here’s how the scam works: MySpace users encounter a pop-up window suggesting that they download the latest version of Microsoft's Windows Malicious Software Removal Tool, released last Tuesday. The window claims the software is distributed by Microsoft to help Windows users rid their systems of malware.
In reality, PC World said, when users click the download link, the pop-up window turns into a nearly full-screen image; if the user clicks anywhere on the image, the download of the Trojan begins.
To target individual users, it appears that hackers either figured out a way to obtain usernames and passwords for profiles, or located security flaws on the Web site, PC World said.
Raju Shanbhag is a contributing editor for TMCnet.