MySpace
The phishing worm that hit MySpace may leave other sites vulnerable

QuickTime flaw could go beyond MySpace

Security firm warns that other sites could be infected

Shaun Nichols in California

The QuickTime security hole that enabled a phishing worm to attack users of social networking site MySpace is leaving more users and websites vulnerable than was first thought.

Security firm F-Secure said that the vulnerability has been confirmed to exist in Mac versions of QuickTime, as well as the QuickTime Alternative codec package.

Advertisement

"Any malicious JavaScript code exploiting [the vulnerability] would affect the users of both operating systems," said F-Secure researcher S G Masood.

Apple, which makes and distributes QuickTime, distributed the fix to MySpace which then offered the patch to users who accessed the site with Internet Explorer and a detectible version of QuickTime.

But this move leaves millions of users unprotected, according to F-Secure. Other browsers, including Firefox and Safari, remain exposed, and all sites that allow users to upload QuickTime movies will be vulnerable to the same sort of worm that plagued MySpace.

"With no fix available, the only feasible workaround for these social networking sites, and other websites on the internet, is to completely block users from uploading Apple QuickTime content," said F-Secure.

The QuickTime vulnerability first gained attention early this month when a worm known as QuickSpace began spreading on MySpace.

The worm spreads itself through the profile pages of MySpace users, altering the profiles of anyone who views the infected page and redirecting them to a MySpace phishing site.

This malicious site then uses stolen passwords to propagate spam messages with links to adware-installing sites.

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

V3.co.uk weekly debrief, 5 Feb 2010

This week we cover the continuing controversy surrounding the Orange T-Mobile deal

Analysis and Reports

Using managed services to protect mobile data users from the latest security threats

Counting the cost of data security: the benefits of secured mobile services

Shifting Disaster Recovery targets with SharePoint and SQL server configurations

Using a hostbased recovery system for mission-critical systems

Poll

Adobe Flash poll

Adobe Flash poll

Do you agree with Steve Jobs about Flash being buggy?

View poll results

Advertisement

White paper library

Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Advertisement

Spotlight

Windows 7

Microsoft denies Windows 7 battery problems

Replacement warning functioning normally, claims software giant

Safer Internet Day

Safer Internet Day highlights online threats

Annual initiative warns of phishing, ID theft and social network...

AMD Fusion

AMD details Fusion innovations at ISSCC

Forthcoming chip with four CPU and one GPU cores will...

MSI Wind U135

Review: MSI Wind U135 netbook

A decent netbook incorporating the latest Intel technology in a...

Primary Navigation