According to Chris Boyd, director of malware research for security vendor FaceTime who blogs under the pseudonym "Paperghost," users are being tricked into downloading the adware through embedded video links on friends' profiles.
"Well, I was rattling around Myspace the other day, and had the sudden urge to start searching for Adware companies," said Boyd. "Sure enough, I was surprised to find two profiles called 'Zango.' Both created on the same day and at the same time, one pushed a toolbar and programs designed to 'protect kids from predators.'"
He said the other launched a pop-up prompting a user to accept a licence to play a video file. This then installs the Zango search assistant and toolbar.
Malware is nothing new to social networking sites such as MySpace, as malicious users have taken advantage of the sites for social engineering.
A spokesman for Zango told SC Magazine's Australian sister website ITNews.com.au that the profiles were created by a company developer who "didn't realize it was Zango business practice not to target MySpace."
"He should not have been doing this, and we want to tell MySpace that we didn't mean to target them," said the spokesman. He added that the profiles would soon be deleted.
Boyd said that when he was updating his blog, the movies were gone but the profiles remained.
"I wouldn't start organizing a victory parade, as Zango have made it clear they're not responsible for 'policing the sharing of their content,' so here we have a major contradiction," said Boyd. "On the one hand, they're saying 'please Myspace, don't be mad. We didn't mean to break your rules, and we agree, our movies should not be on Myspace.'"
Boyd added that on the other hand, Zango is "also saying that 'we're not responsible for policing people pushing our software in this way,' so surely the end result will eventually be... more of these movie files on Myspace?"