Jump to content
GreaseSpot Cafe

My Space worm...


markomalley
 Share

Recommended Posts

QuickTime javascript worm spreads via MySpace

Monday, December 04, 2006 - 01:39 PM EST

Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.

Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.

More info and screenshot: http://www.websense.com/securitylabs/alert...php?alertID=708

F-Secure Virus Information:

Name: JS/Quickspace.A

Type: Worm

Category: Virus

Platform: JS (javascript)

Source: http://www.macdailynews.com/index.php/webl...ds_via_myspace/

Verification: http://www.symantec.com/enterprise/securit...-120313-2523-99

Enjoy!

Link to comment
Share on other sites

I'm sorry, but I'm really stupid. I know a worm is a bad thing, but that's about it. Can you or someone else tell me what this particular worm can do, and what should be done about it, using very easy to understand terms?

I don't have a myspace account, but both of my kids do. I'd really hate to see their computers messed up by something preventable. Thanks!

Link to comment
Share on other sites

This worm is exploiting the Javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list.
Translation:

This is a virus that attacks MySpace user profiles, using an exploit of the QuickTime player.

The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.

Translation:

The links in the user's MySpace profile then get changed to links for phishing sites.

So, people clicking on the links will be scammed.

Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.

Translation:

The MySpace profile will also be used to host a copy of the infecting video,

so others can be infected as well.

==========

What to do?

I don't think this affects computers THEMSELVES-just the MySpace network.

Until MySpace fixes it, though, the smartest thing will be to stay off MySpace,

or, failing that, to avoid clicking ANY links on MySpace no matter what.

In general, I'd keep my antivirus up-to-date as well, just in case something

(probably not this) can try to infect your computer.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...