MySpace profile pages are once again being used to launch malicious code. This time the code turns a computer into a member of a botnet by installing FluxBot, also known as Fast Flux.
The bot is installed through links to malicious code that are hidden inside iFrame tags or launched via embedded Shockwave files. The malicious code tries to exploit known vulnerabilities in Internet Explorer for which Microsoft issued patches in June of last year.
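For a site operator reviewing user-supplied profile markup, the two carriers named above (iFrame tags and embedded Shockwave files) can be flagged whenever they load content from another host. This is an added example, not code from MySpace or SANS; the host name `profiles.example`, the sample markup and the hidden-frame heuristic are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "profiles.example"  # assumption: host that serves the profile pages
FLASH_TYPE = "application/x-shockwave-flash"

class ProfileScanner(HTMLParser):
    """Collect iframes and Shockwave embeds that pull content from another host."""
    def __init__(self, site_host=SITE_HOST):
        super().__init__()
        self.site_host = site_host
        self.findings = []  # list of (kind, url) tuples

    def _offsite(self, url):
        # Relative URLs have no hostname and are treated as same-site.
        host = urlparse(url or "").hostname
        return host is not None and host != self.site_host

    @staticmethod
    def _hidden(a):
        # Assumed heuristic: zero-sized or CSS-hidden frames are invisible to the visitor.
        style = (a.get("style") or "").replace(" ", "").lower()
        zero = a.get("width") == "0" or a.get("height") == "0"
        return zero or "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and self._offsite(a.get("src")):
            kind = "hidden-iframe" if self._hidden(a) else "offsite-iframe"
            self.findings.append((kind, a["src"]))
        elif tag in ("embed", "object"):
            url = a.get("src") or a.get("data")
            by_type = (a.get("type") or "").lower() == FLASH_TYPE
            by_ext = urlparse(url or "").path.lower().endswith(".swf")
            if (by_type or by_ext) and self._offsite(url):
                self.findings.append(("offsite-shockwave", url))

def scan_profile(html, site_host=SITE_HOST):
    scanner = ProfileScanner(site_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample markup, not taken from any real profile.
SAMPLE = """<div class="about">Welcome to my page</div>
<iframe src="http://cdn.invalid/x.html" width="0" height="0"></iframe>
<iframe src="http://profiles.example/widget.html" width="300"></iframe>
<embed src="http://media.invalid/player.swf" type="application/x-shockwave-flash">
<embed src="/local/music.swf" type="application/x-shockwave-flash">"""

if __name__ == "__main__":
    print(scan_profile(SAMPLE))
```

Same-site frames and relative Shockwave paths are left alone, so the findings list contains only the content that would be fetched from a third-party host.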
After installation, the bot makes the infected computer work as a proxy system for use in phishing scams and malware delivery. The bot forwards Web and DNS requests to upstream systems. The proxy network as a whole helps mask the real sites that are hosting the scams and malware.
According to Johannes Ullrich at SANS' Internet Storm Center, "Several hundred MySpace profiles were discovered [that were] injected with links to phishing [scams], and it is easy to imagine that many more were affected."
MySpace is reportedly working to remove the pages that contain the malicious links and Shockwave files.