MySpace Worm

It seems that someone went the extra mile and combined the MySpace Trojaned Navigation Menu vulnerability that int3l dropped an advisory on to Full Disclosure on November 16th with a “feature” in Apple’s QuickTime player to create a MySpace worm. Apparently, infected pages host a malicious QuickTime movie that when played uses JavaScript to employ the technique in our advisory to replace the page’s navigation menu redirecting the links to a phishing site. The phishing site collects user credentials, then uses those credentials to add the malicious QuickTime movie to those user’s profiles.

Original alert from WebSense is here.

Other press can be found via google search.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: