Hackers Exploit IE plug-ins to Steal MySpace, Facebook Members’ Credentials
According to the software security firm Symantec, criminals have began to exploit vulnerabilities in a number of widely installed IE (Internet Explorer) plug-ins in order to plant intrusive software, while tricking or coercing users into visiting certain Websites.
The exploit is targeted at Aurigma Inc.'s Image Uploader, the ActiveX control, serving MySpace, Facebook and other sites for social networking by facilitating members to upload photographs onto their profiles. The exploit is one among the five in the new toolkit of the hackers, who use it for attacking many Chinese Websites.
Symantec Analyst Darren Kemp wrote in an advisory that the attacks begin with users receiving an instant message or spam mail containing a link, as reported by ComputerWorld on February 23, 2008.
On clicking the link, users are led to a fake MySpace login page where attempts are made to capture users' credentials. At the same time, the page also searches the users' systems for security holes in Uploader, Windows, Apple Inc.'s QuickTime, and Yahoo Music Jukebox.
While the QuickTime and Windows flaws were patched last year (2007), Yahoo! and Uploader bugs were publicly announced and patched in the first week of February 2008.
Kemp also said that this is a demonstration of how fast attackers are trying on new vulnerabilities. The attackers will likely continue to take advantage of the recent vulnerability for some time at least.
The Aurigma flaw was disclosed in January end this year and the person who identified it was Elazar Broad, a researcher. Soon after the disclosure, a spokeswoman for MySpace and Facebook said that the sites are informing members about the danger, as reported by Computerworld on February 23, 2008.
Furthermore, Symantec pointed out that exploits against ActiveX controls is not new. In 2007, a number of holes in Microsoft-built technology were discovered and exploited. In the first six months of 2007, 210 ActiveX flaws were uncovered, turning IE into a frequent attack target.
As a matter of fact, following the disclosure of Yahoo Music Jukebox and Uploader vulnerabilities, the US-CERT (US Computer Emergency Readiness Team) recommended that IE users turn off ActiveX.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 29-02-2008