Subscribe in RojoSubscribe in NewsGator OnlineAdd to netvibes
Add strictly | tech to Newsburst from CNET
Add to Plusmo

Subscribe by Email



« Home | Toshiba Debuts 100GB Capacity 1.8 inch HD » | Nintendo's Wii Launches in Japan to Huge Crowds » | Businesses get a sneak peak to Vista » | Old TechTV "family member" goes missing with wife ... » | EA: Sony said PS3 sales were only half as expected... »

Worm targets Myspace users

This ones scary, I don't have a Myspace, it seems to "difficult to use" with profiles and stuff, it is easy to edit though.

MySpace users have been hit with a new worm that spreads through a malicious video, changing users' profiles by adding links to phishing websites as it goes.

Embedded in a QuickTime video, the worm exploits a cross-site scripting flaw on MySpace and the HREF track feature in QuickTime. The infected file also embeds itself in the user's profile, allowing it to spread further throughout the network of over 120 million profiles. Once the movie has been viewed by a MySpace user, it infects their profile.

"The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site," said Websense.

Phishing websites attempt to gather confidential information from users, such as passwords and PINs for financial websites.

"Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well," said Websense.

The affected sites have a blue navigation bar that is not usually found on the pages, along with the links to the fake sites. Internet Explorer users are reported to be most vulnerable to the worm.

Conor Flynn, technical director, Rits, told ENN that virus writers are now viewing social networking websites as a way to spread their malicious code. "People have taken to these sites in huge numbers. They have a reasonably high level of confidence in the material they are getting from them," he said.

However, MySpace and similar sites do not take responsibility for the content that is posted, and as such, the content's integrity should be taken with a pinch of salt, Flynn said.

To combat further security threats, Flynn warned that users need to be vigilant about keeping all their software up to date, including video applications such as QuickTime, Windows Media Player and RealPlayer. He recommended turning on automatic updates for these applications.

Although the majority of concerns about social networking and video sites revolve around copyright and the suitability of content, this is not the first time MySpace has been involved in a security scare. The site has previously been used to spread the Samy and Spaceflash worms.

The social networking website was bought by Rupert Murdoch's News Corp in 2005 for USD580 million. -electicnews

Labels: , , , ,

Post to | Digg it.

Links to this post

Create a Link


Add to Technorati Favorites


Popular posts

None yet!






















2006 / Strictly | Tech

Creative Commons License
All articles and website template is licensed under a:
Creative Commons Attribution-NoDerivs 2.5 License.