QuickTime JavaScript worm spreads via MySpace

Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. The worm exploits the JavaScript support in Apple’s embedded QuickTime player, in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. Together, the vulnerabilities are used to replace the legitimate links on the user’s MySpace profile with links to a phishing site.

Once a user’s MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site. Any other users who visit this newly infected profile may have their own profile infected as well.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.
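The two indicators above can be checked against saved profile markup. The following is an added example, not code from Websense or F-Secure: it assumes the header section is an element with the hypothetical id `header` and that legitimate header links stay on `myspace.com`, and because the page does not say what an empty video looks like in markup, it reports every QuickTime embed for review.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE = "myspace.com"   # assumption: legitimate header links stay on this domain
HEADER_ID = "header"   # hypothetical id of the profile's header container
VOID = {"img", "br", "hr", "input", "meta", "link", "embed", "param"}

class ProfileScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.depth = 0   # > 0 while inside the header (assumes well-nested markup)
        self.quicktime, self.foreign = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        # Indicator 1: an embedded QuickTime video anywhere in the profile.
        if tag in ("embed", "object"):
            src = a.get("src") or a.get("data", "")
            if (a.get("type", "").lower() == "video/quicktime"
                    or urlparse(src).path.lower().endswith(".mov")):
                self.quicktime.append(src)
        # Indicator 2: a header link whose host is not the site or a subdomain.
        if self.depth and tag == "a":
            host = (urlparse(a.get("href", "")).hostname or "").lower()
            # Relative links have no host and stay on the site.
            if host and host != SITE and not host.endswith("." + SITE):
                self.foreign.append(a["href"])
        # Track nesting so links outside the header are ignored.
        if tag not in VOID and (self.depth or a.get("id") == HEADER_ID):
            self.depth += 1

    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1

def scan_profile(html):
    p = ProfileScanner()
    p.feed(html)
    p.close()
    return {"quicktime_embeds": p.quicktime, "foreign_header_links": p.foreign}

# Constructed sample markup (not captured from a real profile).
SAMPLE = """
<div id="header"><a href="http://home.myspace.com/">Home</a>
<a href="http://login.example.net/signin">Mail</a></div>
<div id="about"><a href="http://blog.example.org/">my blog</a>
<embed src="http://media.example.net/clip.mov" type="video/quicktime"></div>
"""

if __name__ == "__main__":
    print(scan_profile(SAMPLE))
```

A non-empty result in either list means the profile should be reviewed by hand; it is not proof of infection, since users also embed videos and off-site links legitimately.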

More info and screenshot: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708

F-Secure Virus Information:
Name: JS/Quickspace.A
Type: Worm
Category: Virus
Platform: JS (JavaScript)

More info: http://www.f-secure.com/v-descs/js_quickspace_a.shtml


  1. So when people visit the phishing site and enter their info, it signs them up for dirty picture spam. Don’t some people pay for those kinds of emails? Does that make this a public service for some?

  2. Clearly someone wants to drive business to their security site. Check the two “Detection Methods” and “Prevention Methods” links. I have seen no clear description of exactly how it spreads, and if it spreads via user interaction, then it’s something I don’t need to worry about.
