Phishing worm hooks MySpace users | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

The Perfect (Virtual) Marriage
Deduplication and VMware
SSL in High-Security Browsers
The Browser Security Revolution
Gartner Paper: US Data Centers
The Calm Before the Storm
What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
Making Green IT a Reality
Customer Perspectives on the Impact of Storage Vendor Decisions on Power, Cooling, & Space in Enterprise Data Centers
How IT Management Can "Green" the Data Center
A Gartner Report

The Register » Security » Enterprise Security »

Phishing worm hooks MySpace users

Zango and cash

By John Leyden → More by this author

Published Tuesday 5th December 2006 18:26 GMT

How IT Management Can "Green" the Data Center - Free Download

In Brief A worm exploiting Javascript support within Apple's embedded QuickTime player has spread across the MySpace network.

The worm is being used in conjunction with a MySpace vulnerability recently reported on a security mailing list to replace legitimate links on a user's MySpace profile with links pointing towards a phishing site. The attack attempts to trick users into handing over MySpace login credentials and to trick users into visiting a pornographic website contaminated with Zango adware, FaceTime Security reports.

Once a user's MySpace profile is infected (which happens when they view a malicious embedded QuickTime video) their links are doctored and a copy of the malicious QuickTime video is embedded into the user's site, web security firm WebSense said. Other users who visit an infected profile may then pass on the infection.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, it adds. ®

Save money taking your comms online - Free live event - Register now

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

Facebook poked by XSS flaw (23 May 2008)
Compromised legit sites power hack attacks (8 April 2008)
Secret Crush widget spreads adware on Facebook (4 January 2008)
Worms 2.0! (27 June 2007)
Judge pours generous portion of cold water on Zango (6 June 2007)
Apple plugs two QuickTime holes (30 May 2007)
Adware firm sues over adware classification (18 May 2007)
QuickTime, not Safari, to blame for MacBook vuln (25 April 2007)
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
MySpace hackers avoid extortion rap (27 February 2007)
MySpace slams ad networks over 'scareware' (24 January 2007)
MySpace sues Spam King (22 January 2007)
Myspace sued for failing to protect minors (18 January 2007)
Phishing fraudsters get flashy (5 January 2007)
European network will target email and internet scams (4 January 2007)
Opera adds tech to foil phishers (19 December 2006)
Irish consumers wising up to phishing scams (15 December 2006)
Social sites' insecurity increasingly worrisome (5 December 2006)
IE and Firefox blighted by fake login flaw (23 November 2006)
MySpace phishing scam targets music fans (14 October 2006)
Phishers aim to hook MySpace users (5 June 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..

whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..

Whitepapers
Accelerating Enterprise Data Governance How IT Management Can "Green" the Data Center Redefining FOTA deployment in EMEA Solution Brief: Reduce Energy Costs

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search