Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Myspace Xss Quicktime Worm


  • Please log in to reply
1 reply to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:15 PM

Posted 04 December 2006 - 07:26 AM

...Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well. An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both...

websense.com

More info at F-Secure Virus Information Pages: JS/Quickspace.A

Edited by quietman7, 04 December 2006 - 12:19 PM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,112 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:15 PM

Posted 11 December 2006 - 10:38 AM

Update: Apple QuickTime Vulnerabilities Still Imperil Users

We have yet to see Apple acknowledge this as a security issue. On the contrary, it has claimed that this is a legitimate feature. A temporary, trivially evadible, fix was provided by Apple to MySpace that was, controversially, distributed only to MySpace users and only to those MySpace users who use IE. All other users of Apple QuickTime, including MySpace users who use a browser other than IE, are still vulnerable. And, since this fix was given only to MySpace users, other websites are still vulnerable to an attack by a worm similar to Quickspace...Bottom line: These are security vulnerabilities, not "features".

f-secure.com
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users