Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple’s embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user’s MySpace profile with links to a phishing site.
Once a user’s MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site. Any other users who visit this newly-infected profile may have their own profile infected as well.
An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.
More info and screenshot: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708
F-Secure Virus Information:
Name: JS/Quickspace.A
Type: Worm
Category: Virus
Platform: JS (JavaScript)
More info: http://www.f-secure.com/v-descs/js_quickspace_a.shtml
DW,
It’s actually a social engineering issue. I could send someone an email telling them to delete everything in their My Documents folder. If they do, is this a Windows issue?
Anyone that’s “click-happy” can make an issue out of even the safest plugin/app/utility. IE’s inherent flaws just make it a LOT easier to do.
HEY,
We all know anything is subject to malicous code-
However, Can anyone of you WINDOX guy’s/girl’s tell me how many is already on XP?
MORE THAN ONE- SWITCH TO A MORE SECURE PLATFORM- STUPID!
Damn the logic, fry them all (oh- they already are with 100k+ problems)
Say what?
Damn you Macintosh users. You’re all so smug about the fact that there’s hardly any viruses on your platform, and when “they” do find a possible virus or worm or “vulnerability” you refuse to “…own up to it”. You refuse to face the probability that sooner or later OS X is going to get a disease, and you are incessantly pointing to the 100’s of 1000’s of bugs that Windows has, and the scary nature of IE and its “vulnerabilities”. You won’t let the fact that most of the diseases plagueing Windows 3.1, 98, NT, XP, XP Home Edition, XP PRO, XP Enterprise, are still problems for VISTA, go. You Macintosh users just have your collective heads in the sand. Wake up and get a clue.
Damn I’m glad I’m a Macintosh user… :>)
oh! My! God! Does this mean I shouldn’t use my Internet Explorer with my ibuzz anymore, I’ll have to tell Justin, and all the other back street boys…
Myspace? ROTFLMAO! It’s for TEENS for the most part. Oh and Peds! Screw that lame site! LOL!
READ THE ARTICLE YOU CLOWNS!!
This isn’t a Mac issue or a Windows issue. It’s a MySpace issue.
It’s also kinda funky, in tricking the user’s client machine to hack their MySpace page. So what’s the real term for this? It’s kind of a trojan/worm hybrid.
But I do have to take issue with Apple: why do QT videos need JavaScript? What do they get next, a root shell?? Apple, don’t do a MS and “enable” us to death…
“This isn’t a Mac issue or a Windows issue. It’s a MySpace issue.”
Wrong, it’s QuickTime issue. Today the exploit attacks MySpace, tomorrow, who knows what someone will use this hole in QuickTime to attack?
I’m all for the total annihilation of MySpace. ATTENTION all IE users: Please IGNORE this warning and consider it a feature.
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
From the GNUCITIZEN blog page reader response: “I’ve loaded the Sample_backdoored.mov in my web browser (Safari 2.0.4) with OS X 10.4.8 (Security Update 2006-07) and I’m not getting any pop-ups. I’m running QuickTime 7.1.3 but not QuickTime Pro.”
Not too sure I can totally rely on that statement.
The blogger from GNUCITIZEN stated that he is running Windows and would like feedback from OS X users. Seeing that it takes advantage of JavaScript execution THROUGH QT, I would assume that Mac users of MySpace are just as vulnerable. It will not harm your system, ONLY your MySpace page/account (if you have one). I do not.
Note in the related article that it replaces the title bar. Keep your status bar enabled on your browser (everyone should anyway), and check for redirects on links This is *NOT* an OS exploit or vulnerability to your local system. It’s another twist on phishing. All in all, I don’t like to idea of QT being able to execute embedded JS commands in .mov files. JS is not as sandboxed as you would think. I have JS disabled by default anyway. YES, it is a pain to keep enabling/disabling, but I’m willing to put up with that.
“why do QT videos need JavaScript?”
Heavens, why are there ANY ways to program a computer that will fool gullible people??? Flash files use ActionScript, and anyone could easily create a file that says,”Click me to be cool”.
“hole in QuickTime”
It’s not a hole in QuickTime, it’s a hole in users’ heads. These are the same people that get emails that read, “I’m from Nigeria, want some money?” and they begin frothing at the mouth!
This isn’t about security, because anyone who has direct administrator access to any computer can compromise it and this exploit has simply found a vast sea of slow-thinkers.
This is a clear sign of Skynet being built 😀