
Aggressive MySpace Worm Attacks via QuickTime

Fast-moving pest exploits site, player holes to steal passwords.

Jeremy Kirk, IDG News Service

Monday, December 04, 2006 7:00 AM PST

The social networking site MySpace.com is under what one computer security analyst calls an "amazingly virulent" attack caused by a worm that steals log-in credentials and spreads spam that promotes adware sites.

The worm is infecting MySpace profiles with such efficiency that an informal scan of 150 found that close to a third were infected, said Christopher Boyd, security research manager at FaceTime Communications.

MySpace, owned by News Corp., is estimated to have at least 73 million registered users.

The worm works by using a cross-site scripting weakness found around two weeks ago in MySpace and a feature within Apple's QuickTime multimedia player.

How Worm Spreads

The exploit starts with a user who visits a MySpace profile infected with an embedded QuickTime movie. The movie loads JavaScript code that overlays a row of menu options on a MySpace profile with a bogus menu.

A QuickTime function, called the HREF track, can direct the player to use JavaScript commands to load Web pages into a browser frame or window.

The JavaScript feature in QuickTime has legitimate uses, "but there are a lot of legitimate uses for technology that can be misused," said Ross Paul, senior product manager with Websense.

If an option in the bogus menu is clicked, the user is directed to a fake log-in page hosted on another server where the person's log-in details are captured. This phishing-style maneuver is similar to another recent attack aimed at MySpace users.

Websense has posted a screenshot of the fake log-in page.

Exploits MySpace Features

MySpace's "seemingly random tendency" to expire user sessions or log out users makes it less noticeable to victims that an attack is under way, according to a November 16 advisory by the Computer Academic Underground.

Additionally, the worm places an embedded QuickTime movie on the user's profile, which will then repeat the infection process for anyone who visits the profile.

The worm has another malicious function. Once a profile is infected, the worm sends spam to other people in the user's contact list.

Those spam messages contain a file that appears to be a movie but instead is a link to a pornographic site that also hosts adware from Zango, Boyd said. Zango, formerly 180 Solutions, settled in November with the U.S. Federal Trade Commission for $3 million because of complaints it didn't properly ask the consent of users before its adware was installed.

Worm Ducks Detection

Boyd said he's heard anecdotal stories of users removing the worm's JavaScript manually from their profile, but the worm reappears after some time if one of their friends' profiles is infected. Several variants of the worm have also appeared, he said.

While some of the Web sites hosting the malicious QuickTime movie have been taken down, others have appeared, Boyd said.
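Because the hosting sites keep changing, a site operator can audit profile markup by structure rather than by blocklist. The following is an added example, not code from the article, MySpace or the researchers quoted: it flags any embedded QuickTime movie served from a host outside the site. The trusted host names, the choice of tags and attributes to inspect, and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the site's own hosts (hypothetical names); anything else is off-site.
TRUSTED_HOSTS = {"profiles.example", "media.profiles.example"}
QT_EXTENSIONS = (".mov", ".qt")
QT_MIME = "video/quicktime"

class EmbeddedMovieAuditor(HTMLParser):
    """Collect off-site QuickTime references in user-supplied profile markup."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "").strip() for name, value in attrs}
        if tag == "embed":
            self._check(tag, a.get("src", ""), a.get("type", ""))
        elif tag == "object":
            self._check(tag, a.get("data", ""), a.get("type", ""))
        elif tag == "param" and a.get("name", "").lower() in ("src", "movie"):
            self._check(tag, a.get("value", ""), "")

    def _check(self, tag, url, mime):
        if not url:
            return
        parsed = urlparse(url)
        host = parsed.hostname or ""  # empty for relative (on-site) URLs
        is_movie = mime.lower() == QT_MIME or parsed.path.lower().endswith(QT_EXTENSIONS)
        if is_movie and host and host not in TRUSTED_HOSTS:
            self.findings.append({"tag": tag, "host": host, "url": url})

def audit_profile(markup):
    """Return one finding per embedded movie served from an untrusted host."""
    auditor = EmbeddedMovieAuditor()
    auditor.feed(markup)
    return auditor.findings

# Constructed sample profile markup (not taken from the worm).
SAMPLE_PROFILE = """
<embed src="/media/intro.mov" type="video/quicktime" width="320" height="240">
<embed src="http://movies.invalid/clip.mov" width="1" height="1">
<object type="video/quicktime" data="//cdn.invalid/a.bin"></object>
<object><param name="src" value="HTTP://Other.invalid/tour.MOV"></object>
<img src="http://photos.invalid/me.jpg">
"""

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE))
```

Running the same audit across a user's friends' profiles would show where a cleaned profile is likely to be re-infected from.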

The Firefox 2.0 browser was flagging some of the bogus log-in sites as phishing sites, Boyd said. However, phishing sites can be active for several hours before they are flagged, he said.

MySpace officials in London couldn't immediately comment Monday morning.

