Archive for July, 2006

MySpace and Adware

MySpace is full of people who'd like you to try their wares. If it's music or comedy, so much the better. Beware, though, as you may also get something more nefarious. In addition to the two MySpace viruses this year, there are now two reports of MySpace being used to increase installations of adware.

The most recent report concerns an ad placed on MySpace that used the WMF exploit, patched in January (MS06-004), to install adware. Earlier this month, it was found that another company had created profiles on MySpace in order to increase installs of its adware.

Again, we run into the difficulty of balancing functionality and security. There's really nothing to prevent profiles being created for questionable purposes. Further searching shows that at some point in the past there were quite a few sites linking to Zango downloads, not just those connected to video clips. One such member's page is very clear about his intentions: he's part of the affiliate program, and he's trying to make some money.

Unfortunately, this behavior is explicitly forbidden in the MySpace Terms of Use Agreement, and his account has apparently been terminated since he posted that request for downloads. Other users have been more fortunate (perhaps they took the links down before they were caught, but not before Google could index them): the links to adware downloads have been removed from their profiles, but the rest of each profile is still available.

Also in the Terms of Use Agreement is the caveat that MySpace may require you to download software or content in order to participate in certain services. The update to the video player could be considered one of these things. That makes it quite confusing for some users to tell which video player downloads are legitimate and which are unapproved.

Virus Author Responds to Sage

A virus author responded today to the theme of Sage, saying he was the author of Leprosy and Leprosy.B.

Since we just topped 200,000 malware detections, his two comprise .001% of that total. A tiny, trifling amount. But Gartner just released data for the Worldwide Antivirus Software Market for 2005, with a figure exceeding US$4B. Let's see: 200,000 is to 2 as $4 billion is to … $40,000. That would be one measure of Neil McAllister's burden on society for 2005.

The problem with writing viruses is that they never go away. There is an associated cost to society for the deed that cannot be undone. And for this reason (and many others) you continually hear that no antivirus company will hire ex-virus writers. No matter how "ex" they are, their creations live on.

Spying Gecko

There have been several instances of the FormSpy trojan being discovered in the wild today. Its installer was heuristically detected as New Malware.ag (now Downloader-AXM).

Upon successful execution, FormSpy hooks mouse and keyboard events in the Mozilla Firefox web browser. It can then forward information such as credit card numbers, passwords and URLs typed in the browser to a malicious website hosted at IP address 81.95.xx.xx.

Typically, Mozilla Firefox components are installed via .xpi files, and users are prompted to confirm the installation. FormSpy writes and modifies Mozilla configuration files directly, which bypasses this confirmation process.

When Mozilla Firefox became a popular alternative to Internet Explorer, it was only a matter of time before spyware and trojan authors started writing malicious code in the form of Mozilla Firefox components. Mozilla Firefox users should exercise caution when downloading and installing unsigned extension components from unreliable sources.

Windows PowerShell: Be excited or be afraid?

Microsoft products have always been an attractive target for hackers and malware authors. With every new scripting platform from Microsoft, virus authors have taken advantage of the features of the new scripting language to create milestones in virus outbreak history. The W97M/Melissa outbreak in 1999, which took advantage of Word macros, and VBS/Loveletter, which used Visual Basic Scripting to wreak havoc in 2000, will go down in history as the most successful script viruses.

Last week, a proof-of-concept virus, "MSH/Cibyz", based on Windows PowerShell was released by members of the RRLF virus group. PowerShell is the new command-line shell and scripting language for Microsoft Windows and is seen as a replacement for the default command interpreter. It runs on Windows XP, Windows Server 2003, Windows Vista and Windows Longhorn but is not installed by default as of now.

MSH/Cibyz is a plain, garden-variety shell script virus; it uses the same infection methods one could use with any shell, not just Windows PowerShell in particular. It cannot achieve memory residency or rootkit capabilities; however, malicious code written in Windows PowerShell can be modified to drop a Win32 executable on an infected system to achieve those features.

Members of the RRLF group had previously released two proof-of-concept viruses in the past year targeting Microsoft Windows Vista. The first was MSH/Danom, a script virus written in Monad, the predecessor to Windows PowerShell, and the other was W32/Usined (alias MSIL/Idonus), which used the .NET Framework. Sadly, these viruses can't stake a claim to being Windows Vista viruses; they are just Microsoft Shell viruses.

This doesn't seem to deter virus authors, who are working overtime to get their creations ready for Windows Vista and Longhorn so as to be in the news for all the wrong reasons.

With Windows PowerShell offering the functionality to do anything one can do from the graphical user interface via a command-line shell, it is an attractive platform for malware authors to write next-generation viruses. Only time will tell…
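As an added example (not part of the original post or of any product described in it), the following PowerShell script audits .ps1 files for missing or broken Authenticode signatures, which is the simplest defensive check against a file-infecting shell script virus of the kind described above; $ScriptRoot is an assumed, constructed path.

```powershell
# Added example (not from the original post): audit a directory of PowerShell
# scripts for missing or broken Authenticode signatures. A shell-script virus
# that prepends or appends itself to an existing .ps1 file invalidates that
# file's signature, which Get-AuthenticodeSignature reports as HashMismatch;
# scripts that were never signed report NotSigned.
# Assumption: $ScriptRoot is a constructed example path; point it at the
# directory you want to audit.
param(
    [string]$ScriptRoot = "$env:USERPROFILE\Documents"
)

# The execution policy is the first line of defence: the default, Restricted,
# refuses to run any .ps1 file at all, and AllSigned requires a valid signature.
$policy = Get-ExecutionPolicy
Write-Host "Current execution policy: $policy"
if (@('Unrestricted', 'Bypass') -contains $policy) {
    Write-Warning "Policy '$policy' runs unsigned and modified scripts without a signature check."
}

# Collect one record per script: full path, signature status and signer subject.
$report = Get-ChildItem -Path $ScriptRoot -Filter '*.ps1' -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        New-Object PSObject -Property @{
            Path   = $_.FullName
            Status = $sig.Status    # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = $signer
        }
    }

# HashMismatch is the interesting case: a script that was signed and later
# modified, which is exactly what a file-infecting script virus leaves behind.
$tampered = @($report | Where-Object { $_.Status -eq 'HashMismatch' })
$unsigned = @($report | Where-Object { $_.Status -eq 'NotSigned' })

Write-Host ("Scripts audited: {0}, unsigned: {1}, signed but modified: {2}" -f @($report).Count, $unsigned.Count, $tampered.Count)

# List everything that is not cleanly signed so an operator can review it.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Path |
    Format-Table Status, Signer, Path -AutoSize
```

Run it from a PowerShell prompt as `.\Audit-Scripts.ps1 -ScriptRoot C:\Scripts` (file name assumed); a signed script whose status flips to HashMismatch between two runs is worth a closer look.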