McAfee researchers are warning of a new MySpace phishing campaign in which users receive “friend” requests that attempt to infect them with assorted malware disguised as a Microsoft update.

The Trojan, known as TFactory, is a well-known piece of code that has been used by criminals for more than a year, PC World reported Saturday. The attack is not widespread and security companyMcAfee ( News – Alert) has observed it only on Web sites like MySpace, PC world said, citing information from McAfee security research manager Dave Marcus.

The infiltrated MySpace profile is still live at the time of writing, but both MySpace and Microsoft have both been notified. McAfee have warned MySpace users to beware of friend requests from people they don’t know and be careful when browsing MySpace profiles.

Hackers were able to launch this attack because they either discovered a flaw in the MySpace code or found a way of taking over user accounts, Marcus said. “Our best guess is [the owner of the one MySpace profile] just got their password and user name phished,” he said.