


MySpace-hosted malware exploits QuickTime flaw
By Dan Goodin in San Francisco
http://www.theregister.co.uk/2007/03/16/myspace_quicktime_exploit/

A security researcher has documented malware that uses a vulnerability in
Apple's QuickTime movie player to make a computer download and run a
Javascript. A MySpace account promoting a French music group is exploiting
the flaw to siphon information about users visiting the page and send it to
a remote server.

The perpetrators pull off the feat by embedding into their page an invisible
QuickTime video that uses one Javascript to download and execute a second
Javascript. It's this second script that acts as the spyware, according to
the researcher, Didier Stevens, who documents his findings here.

Stevens says McAfee VirusScan will flag the first script as malware and
identify it as JS/SpaceTalk Trojan. Both the QuickTime movie file, titled
tys4.mov, and the second script are downloaded from a server at
profileawareness.com. That's also the site that collects the user data.

Apple and MySpace have both suffered their share of security lapses in the
recent past. Last week Apple released an update that squashed a variety of
bugs in QuickTime, including eight security vulnerabilities. MySpace has
also faced a series of exploits which have often been the result of rogue
Javascripts. In 2005, for instance, a user named Samy inserted a script into
his profile page that allowed him to scoop up millions of friends. And in
July, a banner ad posted on the social networking site infected more than a
million users with spyware.

We contacted both companies for comment late on Thursday but did not hear
back.

According to Stevens, McAfee was the only antivirus provider to detect the
script at the time he posted his finding. McAfee provides a reference of the
Trojan, but the description was blank at the time of writing.

Read About It
Information about JS/SpaceStalk is located on VIL at:
http://vil.nai.com/vil/content/v_141428.htm

Detection
JS/SpaceStalk was first discovered on February 7, 2007 and detection was
added since the 4958 dat files (Release Date: February 7, 2007).

To stay updated and protected download the latest dat files from
http://www.mcafee.com/us/downloads/index.html

If you suspect you have JS/SpaceStalk, please submit a sample to
<http://www.webimmune.net>

Risk Assessment Definition
For further information on the Risk Assessment and Avert Labs Recommended
Actions please see:
<http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html>


Mike Grant
Bytware, Inc.
775-851-2900

http://www.bytware.com 



