Myspace Hit by QuickTime Worm

Social networking site, MySpace has been bugged by a malicious QuickTime video file, which embeds itself on people's MySpace pages and changes their profiles, when downloaded and played. Internet security firm, WebSense, says that the worm adds links to fraudulent sites, on the pages of MySpace members by exploiting a cross-scripting vulnerability in the site and support for JavaScript in Apple's embedded media player.

The QuickTime file, when played by a MySpace user, replaces the links on the user's profile with links to phishing Web sites that attempt to trick people into giving up sensitive information such as log-in credentials. The worm includes some JavaScript code that runs automatically when an infected page is viewed with Internet Explorer. Thereafter, any other MySpace user who visits that affected profile page, gets hit by the worm.

This is yet another phishing attack in the string of viruses that have hit the popular social networking site. MySpace has been targeted by hackers and mischief mongers to steal usernames, passwords and personal details and to spread adware. The fraudulent pages created by miscreants, tend to bear an uncanny resemblance to the original MySpace page, to trick users into giving away information.

Read more here.