Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

MySpace Worm Uses QuickTime For Exploit

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread		 This topic is archived.
Home » Discuss » Editorials & Other Articles Donate to DU
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:34 PM
Original message
MySpace Worm Uses QuickTime For Exploit
MySpace worm uses QuickTime for exploit

The social networking site MySpace.com is under what one computer security analyst called an "amazingly virulent" attack caused by a worm that steals log-in credentials and spreads spam that promotes adware sites.

The worm is infecting MySpace profiles with such efficiency that an informal scan of 150 found that close to a third were infected, said Christopher Boyd, security research manager at FaceTime Communications Inc.

MySpace, owned by News Corp., is estimated to have at least 73 million registered users.

The worm works by using a cross-scripting weakness found about two weeks ago in MySpace and a feature within Apple Computer Inc.'s QuickTime multimedia player.

The exploit starts with a user who visits a MySpace profile infected with an embedded QuickTime movie. The movie loads JavaScript code that overlays a row of menu options on a MySpace profile with a bogus menu.
Printer Friendly | Permalink |  | Top
neuvocat Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:39 PM
Response to Original message
1. In which case...
it is actually a problem with Quicktime.
Printer Friendly | Permalink |  | Top
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:45 PM
Response to Reply #1
3. How long have Apple and Myspace known about the worm?
http://www.vitalsecurity.org/2006/12/how-long-have-apple-and-myspace-known.html

The past couple of weeks I've been working with Apple on patching up an exploit to a piece of functionality in the QuickTime plug-in. Word of it was getting around slowly because someone created a worm that was spreading like mad, and others were phishing shitloads of accounts
Printer Friendly | Permalink |  | Top
 
tridim Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:57 PM
Response to Reply #3
6. Quicktime Pro doesn't even work on my computer (XP x64)
It's a format that just needs to be phased out IMO, like Real Media.
Printer Friendly | Permalink |  | Top
 
wtmusic Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:43 PM
Response to Original message
2. Oooh, a Javascript worm
Maybe it even closed a browser window!

:rofl:
Printer Friendly | Permalink |  | Top
 
LTR Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:48 PM
Response to Original message
4. Quick Time is a useful piece of software, but it is a real pain in the ass
Edited on Wed Dec-06-06 10:49 PM by Fighting Irish
The main thing I loath about it is that it attaches itself to the startup menu like glue, and there's really no way to take it off. RealPlayer did this a while back and stopped. And now QT comes attached to iTunes, so it's kinda forced on you no matter what (since I need iTunes to download some podcasts like "Real Time with Bill Maher").

As for MySpace, that place is a haven for really nefarious scripting. I'm surprised it hasn't been exploited more by hackers.

In conclusion, I will say that I disaprove of the death penalty, except for people who create viruses and spyware.

:mad:
Printer Friendly | Permalink |  | Top
 
silverojo Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 11:55 PM
Response to Reply #4
7. QuickTime and RealMedia suck.
I've uninstalled both. If somebody "requires" me to have either to access a video, I just move on. I'm not going to be blackmailed into having those two programs on my PC. They cause so many problems, it's hard to tell whether those programs are acting up, or if you have a virus.
Printer Friendly | Permalink |  | Top
 
Nomad559 Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-07-06 12:06 AM
Response to Reply #7
8. Try using
QuickTime and Real Alternative

I've been using both for a couple of years now.

QuickTime Alternative
http://www.free-codecs.com/download/QuickTime_Alternative.htm

Real Alternative
http://www.free-codecs.com/download/Real_Alternative.htm

:)
Printer Friendly | Permalink |  | Top
 
LTR Donating Member (1000+ posts) Send PM | Profile | Ignore Thu Dec-07-06 01:13 PM
Response to Reply #8
10. Is there a way to uninstall QT and leave iTunes?
And run with the QT alternative?

I tried the RP alternative a few years ago, but it didn't work well for me (outdated?). By that time, Real had cleaned up their act somewhat and I reinstalled it. No problems, and no tkbell file screwing up my settings.

QT seems to have reverted back to its prior nastiness. Whenever Apple snobs talk up their product, I make sure to bring up Quick Time.
Printer Friendly | Permalink |  | Top
 
dubeskin Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Dec-06-06 10:48 PM
Response to Original message
5. I've noticed many people with this problem
My friends who I know would never post bulletins anyway, are posting stuff like "Size DOES matter!" and "Check out this new drug I found for staying up!!!" And Tom, the creator of Myspace, announced it. But also it does seem to be an Apple error, which shouldn't have happened anyway. And as far as I know, I never updated in the first place, so it seems people who never updated are safe, correct?
Printer Friendly | Permalink |  | Top
 
SmellsLikeDeanSpirit Donating Member (471 posts) Send PM | Profile | Ignore Thu Dec-07-06 03:03 AM
Response to Original message
9. So thats what that was about....
Everytime I would log in a popup asked me to update my quicktime. I did. Haven't noticed any problems, but I don't use myspace the much anyway. So spam away.
Printer Friendly | Permalink |  | Top
 
DU AdBot (1000+ posts) Click to send private message to this author Click to view this author's profile Click to add this author to your buddy list Click to add this author to your Ignore list Sun May 05th 2024, 12:51 AM
Response to Original message
Advertisements [?]
 Top

Home » Discuss » Editorials & Other Articles Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC