Worm uses QuickTime to spread on MySpace
By Joris Evers
December 4, 2006, 12:50 PM PST
A malicious video on MySpace.com pages changes people's profiles when played, embedding itself and adding links to fraudulent Web sites, experts have warned. The video is a rigged QuickTime file that exploits a MySpace vulnerability and support for JavaScript in Apple Computer's embedded media player, Web security firm Websense said in an alert posted on Friday.
When played by a MySpace user, the video adds itself to the user's MySpace page and replaces the links on the user's profile with links to phishing Web sites, Websense said. Phishing sites are fraudulent sites that attempt to trick people into giving up sensitive information such as log-in credentials. A MySpace representative on Monday said she could not immediately comment on the worm.
MySpace, owned by News Corp., is a popular social-networking Web site that is estimated to have over 70 million registered users. The worm exploits a common type of Web vulnerability called a cross-site scripting flaw in the site along with a feature called HREF track in QuickTime that has legitimate uses but can also be abused, experts said.
"It seems that we have a MySpace worm on our hands, using a malicious QuickTime MOV file to spread," Mikko Hypponen, chief research officer at security company F-Secure, wrote in a blog posting Saturday. The rigged QuickTime movie includes some JavaScript code that will be run automatically when an infected page is viewed with Internet Explorer, Hypponen wrote.
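As an added defender-side example (not code from the article, Websense or F-Secure), the following Python checker flags a profile page that shows both symptoms the article describes: an embedded QuickTime movie and profile links rewritten to point off-site. The trusted-host list and the sample HTML are constructed assumptions, not data from the original report.

```python
"""Flag profile HTML that carries the two symptoms described in the article:
an embedded QuickTime (.mov) object and profile links pointing off-site."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts a legitimate profile is expected to link to.
TRUSTED_HOSTS = {"myspace.com", "www.myspace.com"}


class ProfileScanner(HTMLParser):
    """Collect embedded QuickTime sources and off-site anchor targets."""

    def __init__(self):
        super().__init__()
        self.quicktime_embeds = []  # src/data of embedded QuickTime movies
        self.offsite_links = []     # hrefs whose host is not in TRUSTED_HOSTS

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("embed", "object"):
            src = a.get("src") or a.get("data") or ""
            if src.lower().endswith(".mov") or "video/quicktime" in a.get("type", "").lower():
                self.quicktime_embeds.append(src)
        elif tag == "a":
            href = a.get("href", "")
            host = urlparse(href).hostname  # None for relative links, which stay on-site
            if host and host.lower() not in TRUSTED_HOSTS:
                self.offsite_links.append(href)


def scan_profile(html):
    """Return the indicators found; 'suspicious' is set only when both appear together."""
    scanner = ProfileScanner()
    scanner.feed(html)
    return {
        "quicktime_embeds": scanner.quicktime_embeds,
        "offsite_links": scanner.offsite_links,
        "suspicious": bool(scanner.quicktime_embeds) and bool(scanner.offsite_links),
    }


# Constructed samples: a profile after the worm rewrote it, and a clean one.
SAMPLE_INFECTED = (
    '<div class="profile">'
    '<embed src="http://example.test/clip.mov" type="video/quicktime" autoplay="true">'
    '<a href="http://login-example.test/myspace">Home</a><a href="/friends">Friends</a>'
    '</div>'
)
SAMPLE_CLEAN = (
    '<div class="profile"><a href="http://www.myspace.com/home">Home</a>'
    '<a href="/friends">Friends</a></div>'
)

if __name__ == "__main__":
    print(scan_profile(SAMPLE_INFECTED))
    print(scan_profile(SAMPLE_CLEAN))
```

A real scanner would also have to inspect the movie file itself for an HREF track, which this page-level check does not attempt.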