toggle

AAPL Stock: 104.94 ( + 0.11 )

Printed from http://www.macnn.com

MySpace worm exploits QuickTime

updated 05:15 pm EST, Mon December 4, 2006

Worm exploits QuickTime

A worm affecting the MySpace journal network is exploiting Apple's QuickTime player, according to one report. As much as a third of MySpace could be contaminated with infection beginning by visiting a journal with an embedded QuickTime movie. The contaminated movie uses JavaScript to display a menu that links to an external website where users are asked to enter login information which is promptly stolen, and in turn used to infect the user's own MySpace journal. The purpose of the worm appears to be spam, which is sent to names on a user's MySpace contact list and directs readers to a pornography site, which also hosts adware by Zango. IDG News observes that Zango paid $3 million last month in a dispute with the Federal Trade Commission, who accused the company of failing to ask for consent before installing its product.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. dscottbuch

    Joined: Dec 1969

    0

    Worm?

    This sounds more like phishing!!!. You're supposed to be able to link to web site from withing Quicktime. It can be any web site. What that web site does is up to it.

  1. eldarkus

    Joined: Dec 1969

    0

    Worm? yes..

    It spreads itself so it's definitely a worm.

    WIki - A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention.

  1. UberFu

    Joined: Dec 1969

    0

    which platform ??

    this isn't Apple's fault or problem_ It still comes back to stupid users_

    And if it's embedding a replica of itself on the user's MySpace Webpage - then that means it is server side and is actually hacking MySpace servers_

    It's running thru a CSS file that can be submitted to a person's MySpace Page - chich resides on the MySpace servers_

    I have only seen PC-based screenshots of this quicktime thing_ But since the OS X interface is partly based on javascript-xml-css - but all of this is not entirely cross-platform_

    And the article MACNN references above mentions that it is residual from adware based software which tends to be Windows specific_

    So yeah - everyone out there in the Mac world get all paranoid now that we're on Intel based processors_ not_

    the ComputerWorld link also references WebSense - which shows a screenshot of a sample page - using IE 7 - CSS and javascript handle slightly differently - is based on a different architecture and kills a bunch of legacy code supported by previous versions_

    So it'll be fun to see exactly which browsers and and platforms this specifically affects_

  1. Tomahawk

    Joined: Dec 1969

    0

    Worm? No

    Read it again... It displays a menu linking to another site where users are asked to enter their login info. If you enter your info THEN it replicates. Therefore it would be a combination of phishing and a trojan.

    Wiki - In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

    Also Wiki - a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

  1. JacquesDav

    Joined: Dec 1969

    0

    MySpace infected?

    I thought it already was an infection.

  1. Annette310

    Joined: Dec 1969

    0

    Uh-Oh

    I have a myspace..I better watch out

  1. burger

    Joined: Dec 1969

    0

    Quicktime linking

    I have a problem with a quicktime movie being able to auto-open a website. This can definitely be used to create problems.

  1. derbbre

    Joined: Dec 1969

    0

    Another non-issue

    This is social engineering at it best (worst?). You can't blame Quicktime for presenting a dialog box with a link. This isn't even automatic. If dialog boxes and linking are a problem, well, then every Web browser made is vulnerable to this "worm". If you fall for this, you really shouldn't be using the Internet. BTW, this isn't a worm or even a trojan or even a security hole with QT, the security risk is a user dumb enough to follow a link and enter personal information on a phishing page.

  1. eldarkus

    Joined: Dec 1969

    0

    worm? YES!!!!!!

    Read the article tomahawk.

    "Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile."

    The embedded QT movie is phishing/trojan, yes.. but since this spreads without any user interaction, as stated by the article, it's also a worm!!

  1. notehead

    Joined: Dec 1969

    0

    penalties

    You'd think that by now we would have a reliable method for tracing all kinds of malware, viruses, spam, etc., back to their respective sources, so that we could determine who the individuals responsible are. These individuals could then be sentenced to some sort of appropriately horrible experience, like being dropped into a vat filled with vermin.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Sound Blaster Roar Bluetooth speaker

There could very well be a new king of the hill for Bluetooth speakers, with Sound Blaster's recent entry into the marketplace. Bring ...

Kenu Airframe Plus

Simple, stylish and effective, the Kenu Airframe + portable car mount is the latest addition to Kenu's lineup. Released earlier this ...

Plantronics Rig Surround 7.1 headset

Trying to capture the true soundscape of video games can be a daunting task. Looking to surround-sound home theater options, users hav ...

toggle

Most Commented