How to Prevent the QuickTime-MySpace Phishing Infection

Security Incidents : How to Prevent the QuickTime-MySpace Phishing Infection

Posted by Max on 2006/12/7 13:37:57 (1328 reads)

If you are logged into MySpace and view a suspicious crafted QuickTime file on someone else's MySpace page, then JavaScript code can without human intervention change your user profile. The nasty QuickTime file can alter your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your intervention.

Reports about phishing exploits on MySpace about MySpace Web pages that host QuickTime about QuickTime files have reached a hallucinating pitch -- unfortunately, most of those reports are slim on details. The potential danger is real, but understanding what it is can help you avoid accidentally giving up your personal information.

What It Is
The phishing threat on MySpace takes advantage of QuickTime's ability to involuntarily play Web page movies and open URLs. These features are used for legitimate reasons all the time, but they can also be used to accidentally redirect someone to an alternate Web page or run malicious JavaScript code.

In this case, code is being used to trick users into giving up personal information in what is commonly known as a "phishing" scam.

How It Works
Since this threat is being used on the MySpace social networking Web site, you first need to have a MySpace user profile of your own to be at risk. If you are logged into MySpace and view a maliciously crafted QuickTime file on someone else's MySpace page, then JavaScript code can automatically modify your user profile.

The malicious QuickTime file can modify your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your interaction.

What You Can Do
Avoid playing QuickTime movies and audio files on MySpace profile pages. Disabling QuickTime's auto-play feature is an excellent idea, too. Here's how: Choose Apple (Nasdaq: AAPL) about Apple menu, System Preferences; then select the QuickTime Preferences Pane. Click the Browser tab. Uncheck "Play movies automatically."

Previous article - Next article

Other articles
2008/10/9 14:10:42 - Google Trends Used to Promote Fake Anti-Virus Software
2008/10/9 13:50:47 - Spam, Child Porn, Illegal Pharmaceuticals, and Stolen Data Make The Web Axis of Evil
2008/10/8 12:22:22 - New Anti-Phishing Service by BluePrint On National Cyber Security Awareness Month
2008/10/7 16:17:07 - Adware Released As Fake Antivirus Increases
2008/10/2 15:30:28 - Agnitum's Outpost Security Suite Pro Gains Another VB100% (on Windows Server 2008)
2008/10/2 15:21:49 - New FREE Security Tools From Verizon
2008/9/30 17:45:27 - SkyRecon Adds Anti-Virus Protection (AVP) to Its StormShield Security Suite
2008/9/30 17:32:11 - IdentitySecure, The New Identity Theft Protection Program from Affinion
2008/9/30 17:13:08 - Web Application Security Mythbusters by Cenzic Inc.
2008/9/30 17:03:58 - Disk Doctors Announces Support For The Hurricane IKE and Gustav victims

The comments are owned by the poster. We aren't responsible for their content.