D
DelJo63
March 19, 2007 (Computerworld) -- A Trojan horse exploiting a flaw in Apple Inc.'s QuickTime that was patched two weeks ago is infecting MySpace.com users' computers, collecting confidential information, including passwords, several security companies said today.
The attack is reminiscent of one late last year that plagued MySpace users and forced the popular social networking site to shut down hundreds of profiles.
....
An Apple spokesman today said that the company patched QuickTime against the flaw in its March 5 security update. New versions for both Mac OS X and Windows were released that day.
But apparently not every QuickTime user has updated to the patched Version 7.1.5; the most recent exploit again uses HREF to embed malicious JavaScript in a QuickTime movie posted on a MySpace page. When a user clicks to play the movie, the JavaScript Trojan horse -- which is hosted on an external site -- grabs personal information of the MySpace user.
see the article
The attack is reminiscent of one late last year that plagued MySpace users and forced the popular social networking site to shut down hundreds of profiles.
....
An Apple spokesman today said that the company patched QuickTime against the flaw in its March 5 security update. New versions for both Mac OS X and Windows were released that day.
But apparently not every QuickTime user has updated to the patched Version 7.1.5; the most recent exploit again uses HREF to embed malicious JavaScript in a QuickTime movie posted on a MySpace page. When a user clicks to play the movie, the JavaScript Trojan horse -- which is hosted on an external site -- grabs personal information of the MySpace user.
see the article
