New Phishing Worm Slithers Through MySpace

By NewsFactor Network | December 5, 2006

Social-networking site MySpace has shut down hundreds of user profiles to prevent further infection by a worm that directed users to phishing sites. Discovered late last week, the worm exploited a JavaScript feature in Apple’s QuickTime plug-in.

The JavaScript glitch in the QuickTime plug-in allowed the worm creators to replace legitimate links on MySpace profile pages with links to phishing sites that requested visitors’ user names and passwords.

All infected profiles on the site have been taken down, MySpace has reported, and all but one of the phishing sites used in the attack have been rendered inoperable.

Unwelcome Guests

By most accounts, the worm was able to infect user profiles on MySpace fairly easily. If a user visited an infected profile, his or her own account could have become infected.

In addition to changing links, the worm also embedded itself into any video files featured on an infected page. Those users who believed they were visiting legitimate sites through the links listed on an infected page, and subsequently handing over their user names and passwords, made themselves into easy targets for having their own pages changed.

Security experts and antivirus researchers have been keeping an eye on these new “attack vectors,” which include blogs, social-networking sites, and even Wikipedia stories, said Gartner analyst Peter Firstbrook.

“Web 2.0 will bring more incidents related to the ability of people to contribute to Web content,” he noted. “With Web 1.0, content was usually static, so you had the ability to lock it down more easily. But now, when you give people the capacity to change content, you open a door.”

No Shock Value

In November, Wikipedia was targeted by malware writers who used the site’s storage features to create a booby-trapped page that contained malicious code. Although the site removed the page quickly and discovered the additional pages that…

Bookmark and Share :-)