MySpace Worm on the Loose - Andre Yee's Security Insider - ebizQ

February 10, 2008 Sign In | About ebizQ | Contact Us | Join ebizQ Gold Club

Andre Yee's Security Insider
An open dialogue about security and compliance for the enterprise.

« MySpace Worm on the Loose | Main | Win-Win »

December 05, 2006
MySpace Worm on the Loose

In the past, we've discussed how a result of better Windows security, coupled with the emergence of Web 2.0 applications will lead to potential new targeting by hackers. All the major online entities from Google to eBay have been exploited in some form or other over the past 18 months. Now, MySpace is hit with a worm that uses QuickTime to infect and proliferate.

The exploit takes advantage of a vulnerability with MySpace and Quicktime's support for Javascript. Upon playing the malicious video, the unsuspecting MySpace user will find links on his/her profile altered and replaced with links to phishing Web site. The goal is to solicit more visits to these MySpace phishing sites. As others visit this infected site, their profiles will be infected and the problem proliferates.

Expect more of the same as hackers broaden their scope from Windows and focus on the new crop of Web 2.0 platforms.

For anyone interested, technical details on the attack are available here.

Posted by andreyee in Alerts/Warnings |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1057

Comments Post a comment

Most Recent ebizQ Blog Entries

ADVERTISEMENT

RSS Subscription

Recent Posts

Privacy Problems with Social Networks
Implications of Salesforce Phishing Incident
Electronic Jihad?
Top 10 Most Vulnerable Apps for 2007
Adobe Fixes Vulnerability But Problems Persist in the Wild
Ann Coulter Hacked
Social Networking Versus Corporate Security
How Web 2.0 is Challenging Corporate Security
Identity Data Leaked from Mortgage Company
Is the iPhone Secure Enough For You?

Categories

Alerts/Warnings
Compliance
Industry Trends
Insider Attacks
IPS/Firewall Technology
M&A
Network Security
Odds and Ends
Privacy/Information Theft
Product Announcements
Spam & Spyware
web 2.0
web services security
Wireless Security

Archives

December 2007
November 2007
October 2007
September 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006

Blog Roll

This Work

Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ

Disclaimer:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ.

free hit counter script

Subscribe to our Newsletters
ebizQ Weekly Gold Club Update Live Webinar Updates Updates from ebizQ Partners ebizQ SOA Update ebizQ BPM Update ebizQ Security Update ebizQ BI Update ebizQ Open Source Software Update Virtual Show Newsletter
Your E-mail Address:

BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND

Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map