A malicious QuickTime video on MySpace is being used to infect MySpace profiles. When a user plays the video, the links on the user’s page are changed to point to phishing sites, thus becoming an infected page. Any friend who clicks on this user’s MySpace page then infects their own MySpace page. The ultimate goal of the phishing attack appears to be the stealing of MySpace userIDs and passwords.
MySpace has requested that Apple patch the QuickTime hole. According to MacRumors, Apple is working on a fix. But Apple has yet to release it on their website. Neither is information regarding this patch readily available on the MySpace home page.
- New MySpace Worm Using Quicktime Exploit
- Roundup on the MySpace Worm
- How Not to Distribute Security Patches
- Social Sites Insecurity Increasingly Worrisome
- Google News – MySpace Worm
- Technorati – MySpace Worm