|Worm targets Myspace users|
MySpace users have been hit with a new worm that spreads through a malicious video, changing users' profiles by adding links to phishing websites as it goes.
"The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site," said Websense.
Phishing websites attempt to gather confidential information from users, such as passwords and PINs for financial websites.
"Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well," said Websense.
The affected sites have a blue navigation bar that is not usually found on the pages, along with the links to the fake sites. Internet Explorer users are reported to be most vulnerable to the worm.
Conor Flynn, technical director, Rits, told ENN that virus writers are now viewing social networking websites as a way to spread their malicious code. "People have taken to these sites in huge numbers. They have a reasonably high level of confidence in the material they are getting from them," he said.
However, MySpace and similar sites do not take responsibility for the content that is posted, and as such, the content's integrity should be taken with a pinch of salt, Flynn said.
To combat further security threats, Flynn warned that users need to be vigilant about keeping all their software up to date, including video applications such as QuickTime, Windows Media Player and RealPlayer. He recommended turning on automatic updates for these applications.
Although the majority of concerns about social networking and video sites revolve around copyright and the suitability of content, this is not the first time MySpace has been involved in a security scare. The site has previously been used to spread the Samy and Spaceflash worms.
The social networking website was bought by Rupert Murdoch's News Corp in 2005 for USD580 million. -electicnews