Phishing worm hooks MySpace users

A worm exploiting Javascript support within Apple's embedded QuickTime player has spread across the MySpace network.06 Dec 2006

Topics

By John Leyden for The Register. This story has been reproduced with permission.

The worm is being used in conjunction with a MySpace vulnerability recently reported on a security mailing list to replace legitimate links on a user's MySpace profile with links pointing towards a phishing site. The attack attempts to trick users into handing over MySpace login credentials and to trick users into visiting a pornographic website contaminated with Zango adware, FaceTime Security reports.

Once a user's MySpace profile is infected (which happens when they view a malicious embedded QuickTime video) their links are doctored and a copy of the malicious QuickTime video is embedded into the user's site, web security firm WebSense said. Other users who visit an infected profile may then pass on the infection.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, it adds.

© The Register 2006

Pinsent Masons

Recent Technology Experience

More about Pinsent Masons

Related Sectors

All sectors

Pinsent Masons

Expertise in Technology

The challenges facing global technology and telecoms companies today are diverse and dynamic: from volatile macro-economic drivers and razor thin margins through to day-to-day issues such as data security supplier agreements, regulation, the need to protect IP, access to customers and a host of other matters.

More about Technology

More about Pinsent Masons
Find out more Find out more