toggle

AAPL Stock: 432 ( + 1.95 )

http://www.macnn.com/articles/06/12/04/worm.exploits.quicktime/

MySpace worm exploits QuickTime

updated 05:15 pm EST, Mon December 4, 2006

 

Worm exploits QuickTime


A worm affecting the MySpace journal network is exploiting Apple's QuickTime player, according to one report. As much as a third of MySpace could be contaminated with infection beginning by visiting a journal with an embedded QuickTime movie. The contaminated movie uses JavaScript to display a menu that links to an external website where users are asked to enter login information which is promptly stolen, and in turn used to infect the user's own MySpace journal. The purpose of the worm appears to be spam, which is sent to names on a user's MySpace contact list and directs readers to a pornography site, which also hosts adware by Zango. IDG News observes that Zango paid $3 million last month in a dispute with the Federal Trade Commission, who accused the company of failing to ask for consent before installing its product.


by MacNN Staff

Post tools:

TAGS :

 troubleshooting

Related Articles

Recent Articles

toggle

Comments

  1. dscottbuch

    Fresh-Faced Recruit

    Joined: Sep 2000

    0
    12/04, 06:09pm | report spam | Reply |

    Worm?

    This sounds more like phishing!!!. You're supposed to be able to link to web site from withing Quicktime. It can be any web site. What that web site does is up to it.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004

    0
    12/04, 08:41pm | report spam | Reply |

    Worm? yes..

    It spreads itself so it's definitely a worm.

    WIki - A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention.

  1. UberFu

    Fresh-Faced Recruit

    Joined: Oct 2002

    0
    12/04, 09:38pm | report spam | Reply |

    which platform ??

    this isn't Apple's fault or problem_ It still comes back to stupid users_

    And if it's embedding a replica of itself on the user's MySpace Webpage - then that means it is server side and is actually hacking MySpace servers_

    It's running thru a CSS file that can be submitted to a person's MySpace Page - chich resides on the MySpace servers_

    I have only seen PC-based screenshots of this quicktime thing_ But since the OS X interface is partly based on javascript-xml-css - but all of this is not entirely cross-platform_

    And the article MACNN references above mentions that it is residual from adware based software which tends to be Windows specific_

    So yeah - everyone out there in the Mac world get all paranoid now that we're on Intel based processors_ not_

    the ComputerWorld link also references WebSense - which shows a screenshot of a sample page - using IE 7 - CSS and javascript handle slightly differently - is based on a different architecture and kills a bunch of legacy code supported by previous versions_

    So it'll be fun to see exactly which browsers and and platforms this specifically affects_

  1. Tomahawk

    Fresh-Faced Recruit

    Joined: Nov 2001

    0
    12/04, 09:39pm | report spam | Reply |

    Worm? No

    Read it again... It displays a menu linking to another site where users are asked to enter their login info. If you enter your info THEN it replicates. Therefore it would be a combination of phishing and a trojan.

    Wiki - In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

    Also Wiki - a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

  1. JacquesDav

    Fresh-Faced Recruit

    Joined: Jun 2002

    0
    12/04, 10:42pm | report spam | Reply |

    MySpace infected?

    I thought it already was an infection.

  1. Annette310

    Junior Member

    Joined: Nov 2006

    0
    12/04, 11:19pm | report spam | Reply |

    Uh-Oh

    I have a myspace..I better watch out

  1. burger

    Forum Regular

    Joined: Sep 2000

    0
    12/05, 07:56am | report spam | Reply |

    Quicktime linking

    I have a problem with a quicktime movie being able to auto-open a website. This can definitely be used to create problems.

  1. derbbre

    Fresh-Faced Recruit

    Joined: Oct 2000

    0
    12/05, 09:36am | report spam | Reply |

    Another non-issue

    This is social engineering at it best (worst?). You can't blame Quicktime for presenting a dialog box with a link. This isn't even automatic. If dialog boxes and linking are a problem, well, then every Web browser made is vulnerable to this "worm". If you fall for this, you really shouldn't be using the Internet. BTW, this isn't a worm or even a trojan or even a security hole with QT, the security risk is a user dumb enough to follow a link and enter personal information on a phishing page.

  1. eldarkus

    Fresh-Faced Recruit

    Joined: Feb 2004

    0
    12/05, 12:03pm | report spam | Reply |

    worm? YES!!!!!!

    Read the article tomahawk.

    "Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile."

    The embedded QT movie is phishing/trojan, yes.. but since this spreads without any user interaction, as stated by the article, it's also a worm!!

  1. notehead

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    12/05, 03:49pm | report spam | Reply |

    penalties

    You'd think that by now we would have a reliable method for tracing all kinds of malware, viruses, spam, etc., back to their respective sources, so that we could determine who the individuals responsible are. These individuals could then be sentenced to some sort of appropriately horrible experience, like being dropped into a vat filled with vermin.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Logitech FabricSkin Keyboard Folio for iPad

Since the fourth-generation iPad didn't evolve much over its predecessor, the market for iPad accessories has remained somewhat static ...

Huawei Ascend Mate

The Huawei Ascend Mate is a phone that fits the screen-size gap between the 4 to 5-inch smartphone and the seven-inch or more tablet, ...

MaxUpgrades MaxConnect for 2006-2008 Mac Pro

Nobody outside of Cupertino's privileged bunch knows the future of the Mac Pro line for sure. Despite Apple's reluctance to tell us wh ...

toggle

Most Commented

 

Popular News