Trend Micro was recently alerted to a possible malware detection triggered when visiting MySpace Web pages. According to reports, certain MySpace pages are being detected as Possible_HiFrm.
Possible_HiFrm is a heuristic detection that is effective at catching malicious iframes and redirects pointing to most of the older and some of the more recent Web threats. It is Trend Micro's aggressive pattern for detecting characteristics common to iframes that point to malicious Web sites.
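To illustrate this kind of heuristic, the following added example flags iframes in a page's HTML; it is not Trend Micro's Possible_HiFrm pattern and not code from the original post. The traits it scores (tiny dimensions, hidden style, off-site source), the threshold, and the hosts `example.test` and `tracker.invalid` are assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed traits of an injected iframe; not Trend Micro's actual pattern.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)

class IframeAudit(HTMLParser):
    """Collects <iframe> tags and the reasons each one looks suspicious."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if TINY.match(a.get("width", "")) or TINY.match(a.get("height", "")):
            reasons.append("zero-or-one-pixel size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        # Relative URLs have no hostname and are treated as same-site.
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        if host and host != self.page_host and not host.endswith("." + self.page_host):
            reasons.append("off-site src")
        self.findings.append({"src": a.get("src", ""), "reasons": reasons})

def suspicious_iframes(html, page_host, threshold=2):
    """Return iframes that match at least `threshold` heuristics."""
    audit = IframeAudit(page_host)
    audit.feed(html)
    return [f for f in audit.findings if len(f["reasons"]) >= threshold]

# Constructed sample page; example.test and tracker.invalid are placeholders.
SAMPLE = """
<iframe src="https://video.example.test/embed/1" width="560" height="315"></iframe>
<iframe src="http://tracker.invalid/in.html" width="0" height="0"></iframe>
<IFRAME SRC="http://tracker.invalid/x" style="Visibility: hidden"></IFRAME>
<iframe src="/local/widget.html" width="1" height="1"></iframe>
"""

if __name__ == "__main__":
    for hit in suspicious_iframes(SAMPLE, "example.test"):
        print(hit["src"], "->", ", ".join(hit["reasons"]))
```

Requiring two traits keeps the same-site 1x1 widget and the normally sized embed out of the results; lowering `threshold` to 1 trades that for more false positives.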
Reports of recent Web site compromises accomplished through iframes include the high-profile SEO attacks, Wired.com and History.com search engine attacks, the mass compromise of various sites in China, Taiwan, etc., and other Asian sites injected with nasty code, most of which have been summarized in Total Recall: The Month of Mass Compromises.
Further analysis reveals that the reported MySpace pages do contain malicious scripts, which Trend Micro detects as JS_DIRESEX.A. This JavaScript is programmed to secretly connect to a porn site (hence the detection name), which pops up unexpectedly while the user is browsing. Its code is obfuscated three times over (in this industry, even a single layer of obfuscation is already a telltale sign of malicious behavior) in an attempt to make the JavaScript harder for malware analysts to analyze.
Trend Micro has reported the findings from these user reports to MySpace and has not received a reply as of this writing. This is not the first time a social networking site has been leveraged to target unsuspecting users. Around three weeks ago we reported on Worms Wriggling Their Way Through Facebook.

August 18th, 2009 at 4:09 pm
Trend Micro detected "possible_Hifrm-5" (Type=Generic; Status=not yet fixed)
Looks like this is fairly old. Will Trend Micro find a way to delete it??