A number of profiles on BuddyProfile.com, which is ranked in the top 100,000 websites by Alexa, sending users to adult sites that install adware onto the victim's PC.
The site is used to enhance user profiles for AOL Instant Messenger. The malware then displays fake "security warnings" to affected users, according to a post on the McAfee Avert Labs weblog by researcher Allysa Myers.
What makes the scam even more disturbing is that BuddyProfile.com is most popular with teenagers, she said.
Researchers likened sites allowing users to embed HTML content into profiles to restaurants letting customers bring in their own food to sell.
One researcher characterized the situation as, "I'll take the salmonella and the botulism to go, please," according to the McAfee blog.
An Avert Labs representative could not immediately be reached for comment.
Researchers have warned that IM is a growing threat to corporate America's network security because of the growing number of employees that use the platform - many unregulated by administrators.
Links to malware within user-designed profiles are nothing new, according to McAfee. The Santa Clara, Calif. company warned of malicious user profiles on MySpace.com numerous times this summer.
Click here to email Frank Washkuch Jr.
Attackers target teenagers through fake IM profiles
By Frank Washkuch on Nov 30, 2006 7:15AM
Malicious users are targeting young instant messaging (IM) enthusiasts through bogus profiles that redirect them to adult websites, where adware is installed on their PCs.
Got a news tip for our journalists? Share it with us anonymously here.