Archive for December, 2006

MySpace Worm

December 7, 2006

It seems that someone went the extra mile and combined the MySpace Trojaned Navigation Menu vulnerability, on which int3l dropped an advisory to Full Disclosure on November 16th, with a “feature” in Apple’s QuickTime player to create a MySpace worm. Apparently, infected pages host a malicious QuickTime movie that, when played, uses JavaScript to employ the technique in our advisory to replace the page’s navigation menu, redirecting its links to a phishing site. The phishing site collects user credentials, then uses those credentials to add the malicious QuickTime movie to those users’ profiles.

Original alert from WebSense is here.

Other press can be found via Google search.