Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!

Phishing with a QuickTime worm

p2pnet.net News:- MySpace had to take scores of user profiles offline over the weekend.

They’d been infected by a worm that used Apple Computer’s QuickTime player to direct victims to a phishing site where they were scammed into keying in user names and passwords, says Websense.

“This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list,” said Websense on Friday. “The vulnerabilities are being used to replace the legitimate links on the user’s MySpace profile with links to a phishing site.

“Once a user’s MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site. Any other users who visit this newly-infected profile may have their own profile infected as well.”

MySpace’s “seemingly random tendency” to expire user sessions or log out users makes it less noticeable to victims that an attack is under way, says a November 16 advisory by the Computer Academic Underground, quoted by the IDG News Service.

MySpace has been a favourite target, says The Register, going on:

“A year ago, a worm constructed using Javascript crawled through the accounts of MySpace, adding one user – “Samy” – to everyone’s friends list. The social-networking site has also become popular with online fraudsters that attempt to phish for log-in credentials from unsuspecting users, said Boyd, who has written about various adware threats on his VitalSecurity blog.”

Also See:
IDG News Service - Malicious Website / Malicious Code: MySpace XSS QuickTime Worm, December 1, 2006
The Register - Social sites’ insecurity increasingly worrisome, December 1, 2006



One Response to “Phishing with a QuickTime worm”

  1. Reader's Write Says:

    MySpace never took anything offline this weekend and they haven’t done anything about the worm. Although MySpace, when I wrote to them twice, did finally return with an email that said “we are working on it, be patient.” That was on Monday and I’ve not heard or seen anything change since. Apple, on the other hand, when I called as a paid pro-QuickTime member, said “we don’t know anything about it.” That was after approx. 1 hr on the phone talking to various Apple techs. Nothing has been done by either that I can see. MySpace is still very much infected.
