Bogus YouTube clip installs Zango Cash
Security researchers have discovered a number of user pages on MySpace containing what appear to be YouTube videos that come bundled with a Zango Cash adware installer, an application that loads intrusive pop-up advertising software onto infected PCs.
Users curious about the Windows Media videos are directed to a site called "Yootube.info". The site - which is nothing to do with the Google owned naff clip site - has a picture of a scantily clad young woman on its front page.
Surfers lured onto the site via the MySpace link are invited to accept an end-user licensing agreement in order to watch the video. If the user accepts, the video downloads while covertly attempting to install Zango Cash, net security firm WebSense reports . The attack uses a type of Windows DRM loophole previously used  to spread Trojans and other malware.
Last Friday, the US Federal Trade Commission reached a settlement with Zango (PDF ) over complaints about sneaky adware installs made by its affiliates. Zango (formerly know as 180Solutions) agreed to pay $3m and to be bound over by an agreement to make sure its widely criticised software apps are only installed with consent.
For its part, Zango said  it's cleaned up its act. The MySpace attack suggests that Zango still has some way to go in putting its house in order. ®