December 6, 2006 (Press Release) --
MySpace has reportedly been infected with a worm that directs users to a phishing site, which steals their login IDs and passwords in order to spread spam promoting adware sites.
The worm spreads by exploiting the JavaScript support within Apple's QuickTime multimedia player. The JavaScript code then overlays the menu options on a MySpace profile with a bogus menu. When the user clicks any option on the bogus menu, he/she is directed to a fake log-in page hosted on another server, where his/her log-in details are captured.
Not only does the worm replace legitimate links on MySpace user profiles with links to the phishing site, but it also manages to plant infected videos in the victims' profiles.
The worm has already infected hundreds of user profiles, which have now been pulled down by MySpace. Further, the worm is infecting MySpace profiles with such efficiency that an informal scan of 150 such profiles found that close to a third of these were infected.
Reportedly, a user's profile becomes infected as soon as that user visits an infected profile. The malicious code finds the visitor's profile through cookies in the victim's browser.
The worm places an embedded QuickTime movie on the victim's profile, which then repeats the infection process for every visitor to the profile. Once a profile is infected, the spam is sent to the other people on the victim's contact list. The spam messages contain a file that looks like a movie but is actually a link to a pornographic site hosting adware.
MySpace has witnessed similar attacks in the past.
Source: http://www.techtree.com/





