MySpace users are at risk from hacked profile pages that attempt to install malware disguised as legitimate Windows updates, warns McAfee.
"In this latest social engineering scenario an attacker sends a new 'friend request' to MySpace users. When the user clicks on the picture or name of their new potential friend, an overlaid image of what looks like a legitimate Windows 'Automatic Update' pop-up box is displayed," claims a McAfee security alert on the Avert Labs blog.

If the user clicks on this fake update request then the browser will attempt to download a "malware cocktail" that McAfee believes to consist of additional downloaders, several trojans and a remote administration tool that could provide hackers with access to a user's PC.

Spotted here