Subscribe to Liquidmatrix Security DigestNews FeedSubscribe to Liquidmatrix Security DigestComments

Browse > Home / Malware, Spam/Phishing / MySpace XSS QuickTime Worm

MySpace XSS QuickTime Worm

1

Author: Dave Lewis

The folks at Websense have confirmed the existence of a worm that is spreading through MySpace.com. The worm is apparently exploiting the QuickTime player.

The vulnerabilities are being used to replace the legitimate links on the user’s MySpace profile with links to a phishing site.

Once a user’s MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site. Any other users who visit this newly-infected profile may have their own profile infected as well.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.

For more on this and screen shots head over to Websense.

Article Link

Tags: , , ,

Tag It:
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • NewsVine
  • LinkedIn
  • TwitThis
  • Facebook
  • Live

Posted by Dave Lewis on Saturday, December 2, 2006 at 9:00 am 
Filed under Malware, Spam/Phishing · Tagged with


Comments

One Response to “MySpace XSS QuickTime Worm”

Trackbacks

Check out what others are saying about this post...
  1. MySpace XSS QuickTime Worm of Myspace Html Codes Blog says:
    December 2, 2006 at 9:30 am

    [...] Original post by Dave for Myspace News MySpace XSS QuickTime Worm [...]



Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!