MySpace profiles pulled after worm attack

By Justin Mann on December 5, 2006, 5:29 PM
Watching malware and viruses evolve over the years has been fascinating. As technology changes, the focus of these malicious pieces of software changes too. With the huge focus on social networking that the web today provides, large sites like MySpace are being targeted more often. Just recently, MySpace was forced to pull down hundreds of profiles, because they have been infected. Pages being infected? That's right. Apparently, due to a specific flaw in QuickTime used in conjunction with MySpace that allows embedded video, a worm was able to spread itself among hundreds of profiles and then tried to lure unsuspecting users into revealing information:

On the pages hit by the attack, the worm converted legitimate links to those that brought users to a phishing site that attempted to obtain personal information, including their MySpace username and password. Having that information could enable a third party to pose as a MySpace user and perform additional fraudulent activities.
MySpace was quick to remove the profiles, and it hasn't been made public yet if anyone actually fell for the scams the infected pages provided. Most of the sites hosting the scams were also taken down, making the response overall a very quick one. The vulnerability was apparently well known over two weeks ago, but a fix was not applied in time.




User Comments: 3

Got something to say? Post a comment
TimeParadoX said:
It was ganna happen sooner or later right?I mean millions of people go to this stupid website ( Yes, I said Myspace was stupid :D ) so a Hacker / Phiser would surely love that place to place a worm in a file somewhere on the site.
ctutt said:
The day I purchased and downloaded Apple's Quick Time Pro my Spyware Dr. flagged a problem. I believe it is in apple's quicktime program to begin with.Is that consistent with your experience?
TimeParadoX said:
Well Macs suck :)I dont have a problem with myspace because I dont go there, I just think it's stupid
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.