QuickTime Trojan Horse

A Trojan horse exploiting a flaw in Apple's QuickTime multimedia software is infecting MySpace.com users' computers, collecting confidential information, including passwords, several security companies said today. Although the flaw was patched earlier in March by Apple with the release of QuickTime 7.1.5, many users have not upgraded, according to Computerworld. "The attack is reminiscent of one late last year that plagued MySpace users and forced the popular social networking site to shut down hundreds of profiles," the publication wrote. "Like that December exploit, today's leverages the QuickTime 'HREF' function, which allows movies to contain URLs or JavaScript that load Web pages into a browser. [However] rather than issue a fix to all QuickTime users then, however, Apple took the unusual step of letting MySpace itself link to the blocking code. In other words, only MySpace users were protected."

by MacNN Staff