Myspace "Fake Windows Update" scam is third time lucky for bad guys

Someone just emailed me to ask if I'd seen anything of the latest Myspace scam doing the rounds. I just did a bit of Googling and I'm guessing it's this?

"Using a hacked MySpace profile, online criminals are trying to trick victims into downloading a malicious Trojan Horse program by disguising it as a Microsoft update, according to researchers at security vendor McAfee.

The attack is certainly not widespread -- McAfee has seen it used on only one MySpace profile -- but it does show how sites like MySpace can be abused by criminals."

Myspace has a lot of scams doing the rounds that are actually recycled over and over again. In this case, the fake "Windows update" has been around a long time, and used in two different waves of infections (that we know of).

Last June, they were used to try and install rogue antispyware - and then they resurfaced again in October, pushing what looks like a random assortment of hijacks.

If anyone has seen this latest round of installs in action, can they confirm exactly what this new attack tries to install? At first glance, it sounds like a similar setup to the second batch - I'd love to know if the same people are potentially behind all these attacks (or at least some of them), because if it is, it's an unusually drawn out campaign for a Myspace scam.