Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


MySpace Wants Apple To Update QuickTime

At the time when an attempt was made to redirect 'MySpace' users to 'phishing websites', a debatable question arose: Is it possible for widely popular social networking sites such as MySpace.com to retain an open environment while shutting doors on malicious hackers? This is in reference with MySpace.com's desire for 'Apple Computer' to update its 'QuickTime media player' software so that nobody can use it to attack social networking sites.

A worm has recently hit 'MySpace' users. It proliferates through a malicious video, modifying users' profiles by adding harmful links to phishing websites. Internet security firm 'Websense' explains the worm generates these links on the pages of MySpace. This happens by exploiting a cross-site scripting vulnerability in the site and with the support of JavaScript embedded in Apple's 'media player'. The JavaScript enables the worm creators to add those malicious links in place of legitimate ones on MySpace profile pages. These new links belong to phishing sites that trick visitors to enter usernames and passwords.

Apple's spokesperson Lynn Fox said in e-mail that the company is set to find a 'QuickTime' fix, while it has produced a temporary solution on December 2, 2006. She said after it learnt about the exploit feature in 'QuickTime', targeted at MySpace users, the company has found a way to disable that feature. This would be helpful for only those who browse on Internet Explorer. However, Apple was working on a broader fix intending all other users as well.

Apple said it depends on the social networking site to facilitate the temporary fix for its users.

MySpace has over 70 million registered users who could have their profiles infected just by viewing another profile that contained the worm. MySpace shut down all infected user profiles during the weekend to rectify the situation. . It also closed down five of the six-phishing sites connected with MySpace to gain profile access.

The objective of the attack appears to get more people to visit fraudulent sites designed to resemble MySpace login pages. Though unclear what the miscreants would do with that information, but possibly they could use the users' profiles for advertising.

Related article: MySpace Yet Again Under Phishers

» SPAMfighter News - 12/11/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page