Watching malware and viruses evolve over the years has been fascinating. As technology changes, the focus of these malicious pieces of software changes too. With the huge focus on social networking that the web today provides, large sites like MySpace are being targeted more often. Just recently, MySpace was forced to pull down hundreds
of profiles, because they have been infected. Pages being infected? That's right. Apparently, due to a specific flaw in QuickTime used in conjunction with MySpace that allows embedded video, a worm was able to spread itself among hundreds of profiles and then tried to lure unsuspecting users into revealing information:
On the pages hit by the attack, the worm converted legitimate links to those that brought users to a phishing site that attempted to obtain personal information, including their MySpace username and password. Having that information could enable a third party to pose as a MySpace user and perform additional fraudulent activities.
MySpace was quick to remove the profiles, and it hasn't been made public yet if anyone actually fell for the scams the infected pages provided. Most of the sites hosting the scams were also taken down, making the response overall a very quick one. The vulnerability was apparently well known over two weeks ago, but a fix was not applied in time.