In the past, we've discussed how a result of better Windows security, coupled with the emergence of Web 2.0 applications will lead to potential new targeting by hackers. All the major online entities from Google to eBay have been exploited in some form or other over the past 18 months. Now, MySpace is hit with a worm that uses QuickTime to infect and proliferate.

The exploit takes advantage of a vulnerability with MySpace and Quicktime's support for Javascript. Upon playing the malicious video, the unsuspecting MySpace user will find links on his/her profile altered and replaced with links to phishing Web site. The goal is to solicit more visits to these MySpace phishing sites. As others visit this infected site, their profiles will be infected and the problem proliferates.

Expect more of the same as hackers broaden their scope from Windows and focus on the new crop of Web 2.0 platforms.

For anyone interested, technical details on the attack are available here.

Posted by andreyee in Alerts/Warnings | Permalink | Comments (0) | TrackBacks (0)

In the past, we've discussed how a result of better Windows security, coupled with the emergence of Web 2.0 applications will lead to potential new targeting by hackers. All the major online entities from Google to eBay have been exploited in some form or other over the past 18 months. Now, MySpace is hit with a worm that uses QuickTime to infect and proliferate.

The exploit takes advantage of a vulnerability with MySpace and Quicktime's support for Javascript. Upon playing the malicious video, the unsuspecting MySpace user will find links on his/her profile altered and replaced with links to phishing Web site. As others visit this infected site, their profiles will be changed, the site infected with the mal-video and the problem proliferates. The goal of this attack is to solicit more visits to these MySpace phishing sites where users are tricked into entering their passwords. Should a user succumb, one outcome is that the MySpace account will be used to send pornographic spam.

This won't abate - expect more of the same as hackers broaden their scope from Windows and focus on the new crop of Web 2.0 platforms.

For anyone interested, technical details on the attack are available here.

Posted by andreyee in Alerts/Warnings • Alerts/Warnings | Permalink | Comments (0) | TrackBacks (0)