<strong>If you or your kids use MySpace profiles, you should read this alert</strong>
December 04, 2006
MySpace.com is under what one computer security analyst called an "amazingly virulent" attack caused by a worm that steals log-in credentials and spreads spam that promotes adware sites.
The worm is infecting MySpace profiles with such efficiency that an informal scan of 150 found that close to a third were infected.
The worm works by using a cross-scripting weakness found about two weeks ago in MySpace and a feature within Apple Computer Inc.'s QuickTime multimedia player.
The exploit starts with a user who visits a MySpace profile infected with an embedded QuickTime movie. The movie loads JavaScript code that overlays a row of menu options on a MySpace profile with a bogus menu. If an option in the bogus menu is clicked, the user is directed to a fake log-in page hosted on another server, where the person's log-in details are captured. Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile.
The worm has another malicious function. Once a profile is infected, the worm sends spam to other people in the user's contact list.
MySpace worm uses QuickTime for exploit
Moderator: Wiz Feinberg
-
Wiz Feinberg
- Posts: 6117
- Joined: 8 Jan 1999 1:01 am
- Location: Mid-Michigan, USA
- State/Province: Michigan
- Country: United States
-
Anders Brundell
- Posts: 636
- Joined: 2 Nov 1999 1:01 am
- Location: Falun, Sweden
- State/Province: -
- Country: United States
How can I tell if my MySpace page and/or pc is infected and what do I do to clean it? http://www.myspace.com/steel_picker
(It seemes like it's impossible not to be attacked by malware on the web! Next time I'll buy me a steam pc with a crank starter.)
Anders
(It seemes like it's impossible not to be attacked by malware on the web! Next time I'll buy me a steam pc with a crank starter.)
Anders