How to Prevent the QuickTime-MySpace Phishing Infection

Security Incidents : How to Prevent the QuickTime-MySpace Phishing Infection

Posted by Max on 2006/12/7 13:37:57 (1896 reads)

If you are logged into MySpace and view a suspicious crafted QuickTime file on someone else's MySpace page, then JavaScript code can without human intervention change your user profile. The nasty QuickTime file can alter your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your intervention.

Reports about phishing exploits on MySpace about MySpace Web pages that host QuickTime about QuickTime files have reached a hallucinating pitch -- unfortunately, most of those reports are slim on details. The potential danger is real, but understanding what it is can help you avoid accidentally giving up your personal information.

What It Is
The phishing threat on MySpace takes advantage of QuickTime's ability to involuntarily play Web page movies and open URLs. These features are used for legitimate reasons all the time, but they can also be used to accidentally redirect someone to an alternate Web page or run malicious JavaScript code.

In this case, code is being used to trick users into giving up personal information in what is commonly known as a "phishing" scam.

How It Works
Since this threat is being used on the MySpace social networking Web site, you first need to have a MySpace user profile of your own to be at risk. If you are logged into MySpace and view a maliciously crafted QuickTime file on someone else's MySpace page, then JavaScript code can automatically modify your user profile.

The malicious QuickTime file can modify your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your interaction.

What You Can Do
Avoid playing QuickTime movies and audio files on MySpace profile pages. Disabling QuickTime's auto-play feature is an excellent idea, too. Here's how: Choose Apple (Nasdaq: AAPL) about Apple menu, System Preferences; then select the QuickTime Preferences Pane. Click the Browser tab. Uncheck "Play movies automatically."

Previous article - Next article

Other articles
2009/11/3 14:55:39 - BitDefender Top Ten Malware Threats for October 09
2009/11/3 14:29:38 - Nov. 09 Microsoft Security Intelligence Report
2009/10/7 15:19:17 - StopSign AntiVirus and Anti-Malware is Windows 7 Compatible
2009/10/7 15:11:26 - New Outlook Backup and Migration Software By Disk Doctors
2009/9/30 4:20:57 - Microsoft Security Essentials, FREE Security Tool Just Released
2009/9/28 14:31:52 - New Rogue Antispyware Cloaked To Infects Computers
2009/9/9 4:31:49 - Trend Micro Proves Leadership in URL Filtering and Web Security
2009/9/9 4:16:20 - New Free Tool to Clean Conficker Once and For All
2009/9/1 8:37:11 - Kaspersky Internet Security 2010 and Kaspersky Anti-Virus 2010 Out Now
2009/9/1 7:54:50 - NEW P2P Advertising Network Protects Users Against Lawsuits And Identity Theft

The comments are owned by the poster. We aren't responsible for their content.