Apple QuickTime worm is spreading through MySpace


A worm that uses a vulnerability in Apple’s popular QuickTime video playback software has started chomping its way through the MySpace social networking site. It started over the weekend and could now have infected the accounts of as many as one in three of the site’s 130 million users.

It spreads when a user views a profile page with a QuickTime movie on it. The attack relies on QuickTime files that trigger JavaScript code on the web page. The movie then gets embedded on the viewer’s own profile page, and their browser is shown a fake navigation bar; if they click on that bar, they are asked for their MySpace username and password, but by a rogue web page.

The attackers then harvest these credentials and leave comments on other people’s pages with a pornographic image and a link to a porn site that will actually install adware.

The reason? Money, basically. The owner of the ‘Vidchicks’ site earns money every time someone installs the adware.

No comment from MySpace since the attack, and (as per usual) nothing from Apple, though it had better be something that they’re working on fixing.

As usual, vigilance is the best policy, though that’s easier said than done by the millions of users on MySpace.

Andy Merrett
