MySpace worm uses QuickTime for exploit

MySpace.com is under attack by an extremely effective worm that steals log-in credentials and spreads spam promoting adware sites.

The social networking site MySpace.com is under what one computer security analyst calls an "amazingly virulent" attack caused by a worm that steals log-in credentials and spreads spam that promotes adware sites.

The worm is infecting MySpace profiles with such efficiency that an informal scan of 150 found that close to a third were infected, said Christopher Boyd, security research manager at FaceTime Communications Inc.

MySpace, owned by News Corp., is estimated to have at least 73 million registered users.

The worm works by using a cross-scripting weakness found around two weeks ago in MySpace and a feature within Apple Computer Inc.'s QuickTime multimedia player.

The exploit starts with a user who visits a MySpace profile infected with an embedded QuickTime movie. The movie loads JavaScript code that overlays a row of menu options on a MySpace profile with a bogus menu.

A QuickTime function, called the HREF track, can direct the player to use JavaScript commands to load Web pages into a browser frame or window.

The JavaScript feature in QuickTime has legitimate uses, "but there are a lot of legitimate uses for technology that can be misused," said Ross Paul, senior product manager with Websense Inc.

If an option in the bogus menu is clicked, the user is directed to a fake log-in page hosted on another server where the person's log-in details are captured.

Websense has posted a screenshot of the fake log-in page.

MySpace's "seemingly random tendency" to expire user sessions or log out users makes it less noticeable to victims that an attack is under way, according to a Nov. 16 advisory by the Computer Academic Underground.

Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile.

The worm has another malicious function. Once a profile is infected, the worm sends spam to other people in the user's contact list.

Those spam messages contain a file that appears to be a movie but instead is a link to a pornographic site that also hosts adware from Zango Inc., Boyd said. Zango, formerly 180 Solutions Inc., settled last month with the U.S. Federal Trade Commission for US$3 million over complaints it didn't properly ask the consent of users before its adware was installed.

Boyd said he's heard anecdotal stories of users removing the worm's JavaScript manually from their profile, but the worm reappears after some time if one of their friend's profiles is infected. Several variants of the worm have also appeared, he said.

While some of the Web sites hosting the malicious QuickTime movie have been taken down, others have appeared, Boyd said.

The Firefox 2.0 browser was flagging some of the bogus log-in sites as phishing sites, Boyd said. However, phishing sites can be active for several hours before they are flagged, he said.

MySpace officials couldn't immediately comment.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?