AAPL Stock: 122.99 ( -0.39 )

Printed from

MySpace worm exploits QuickTime

updated 05:15 pm EST, Mon December 4, 2006

Worm exploits QuickTime

A worm affecting the MySpace journal network is exploiting Apple's QuickTime player, according to one report. As much as a third of MySpace could be contaminated with infection beginning by visiting a journal with an embedded QuickTime movie. The contaminated movie uses JavaScript to display a menu that links to an external website where users are asked to enter login information which is promptly stolen, and in turn used to infect the user's own MySpace journal. The purpose of the worm appears to be spam, which is sent to names on a user's MySpace contact list and directs readers to a pornography site, which also hosts adware by Zango. IDG News observes that Zango paid $3 million last month in a dispute with the Federal Trade Commission, who accused the company of failing to ask for consent before installing its product.

by MacNN Staff





  1. dscottbuch

    Joined: Dec 1969



    This sounds more like phishing!!!. You're supposed to be able to link to web site from withing Quicktime. It can be any web site. What that web site does is up to it.

  1. eldarkus

    Joined: Dec 1969


    Worm? yes..

    It spreads itself so it's definitely a worm.

    WIki - A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention.

  1. UberFu

    Joined: Dec 1969


    which platform ??

    this isn't Apple's fault or problem_ It still comes back to stupid users_

    And if it's embedding a replica of itself on the user's MySpace Webpage - then that means it is server side and is actually hacking MySpace servers_

    It's running thru a CSS file that can be submitted to a person's MySpace Page - chich resides on the MySpace servers_

    I have only seen PC-based screenshots of this quicktime thing_ But since the OS X interface is partly based on javascript-xml-css - but all of this is not entirely cross-platform_

    And the article MACNN references above mentions that it is residual from adware based software which tends to be Windows specific_

    So yeah - everyone out there in the Mac world get all paranoid now that we're on Intel based processors_ not_

    the ComputerWorld link also references WebSense - which shows a screenshot of a sample page - using IE 7 - CSS and javascript handle slightly differently - is based on a different architecture and kills a bunch of legacy code supported by previous versions_

    So it'll be fun to see exactly which browsers and and platforms this specifically affects_

  1. Tomahawk

    Joined: Dec 1969


    Worm? No

    Read it again... It displays a menu linking to another site where users are asked to enter their login info. If you enter your info THEN it replicates. Therefore it would be a combination of phishing and a trojan.

    Wiki - In the context of computer software, a Trojan horse is a malicious program that is disguised as or embedded within legitimate software.

    Also Wiki - a standalone program that masquerades as something else, like a game or image file, in order to trick the user into some misdirected complicity that is needed to carry out the program's objectives.

  1. JacquesDav

    Joined: Dec 1969


    MySpace infected?

    I thought it already was an infection.

  1. Annette310

    Joined: Dec 1969



    I have a myspace..I better watch out

  1. burger

    Joined: Dec 1969


    Quicktime linking

    I have a problem with a quicktime movie being able to auto-open a website. This can definitely be used to create problems.

  1. derbbre

    Joined: Dec 1969


    Another non-issue

    This is social engineering at it best (worst?). You can't blame Quicktime for presenting a dialog box with a link. This isn't even automatic. If dialog boxes and linking are a problem, well, then every Web browser made is vulnerable to this "worm". If you fall for this, you really shouldn't be using the Internet. BTW, this isn't a worm or even a trojan or even a security hole with QT, the security risk is a user dumb enough to follow a link and enter personal information on a phishing page.

  1. eldarkus

    Joined: Dec 1969


    worm? YES!!!!!!

    Read the article tomahawk.

    "Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile."

    The embedded QT movie is phishing/trojan, yes.. but since this spreads without any user interaction, as stated by the article, it's also a worm!!

  1. notehead

    Joined: Dec 1969



    You'd think that by now we would have a reliable method for tracing all kinds of malware, viruses, spam, etc., back to their respective sources, so that we could determine who the individuals responsible are. These individuals could then be sentenced to some sort of appropriately horrible experience, like being dropped into a vat filled with vermin.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

Entry-level 27-inch Retina iMac

The 27-inch Apple iMac with 5K Retina display is already one of the best value-for-money Macs that Apple has ever released. It was som ...


Most Commented