Worm is the latest hit from MySpace

  • E-Mail
By  Published  December 8, 2006

Members of social networking site MySpace are at risk of falling victim to phishing attacks after a worm was found to be spreading through the site via a QuickTime video file.

Internet security provider Websense last week warned that the worm was exploiting the Javascript support within Apple’s embedded media player in conjunction with a MySpace vulnerability to replace legitimate links on a user’s MySpace profile with links to a phishing site.

The phishing site pages look like MySpace log-in pages and prompt users to enter their MySpace credentials, according to internet security firm, F-Secure.

Websense said when MySpace users played the video the worm also embedded the malicious QuckTime video into the user’s site so that any other users who visited the profile could also be infected.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code