A new worm has been found on MySpace (a social networking website) that takes advantage of the HREF Track feature of Apple QuickTime movies and a MySpace XSS vulnerability to propagate and carry out its malicious actions. The malware author also intends to steal other MySpace users' logins by setting up a phishing site whose URL is advertised by the worm's accomplice.
The menace starts when a MySpace user views a malicious embedded QuickTime movie file (.mov). Yes, a movie file… but this is not a vulnerability in QuickTime; rather, it is a special feature built into QuickTime movie files called HREF Track.
What is also worth noting about this worm is its capability to send a random message to users with IDs from 80000000 to 105000000. The worm selects one of the six subjects below to send to a random user every 6 seconds.
- what else is there to do on a Sunday.?…….
- You better not forget about this..
- Hehe that was so funny..
- better see this one last time lol..
- omg did you see this last nite..
- whos coming to the party tonight.?..
The body of the message is supposed to be a file named ‘youtubedt7rf2.jpg’ but I unfortunately wasn’t able to get a copy because the source URL is no longer available.
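The messaging behaviour described above (six fixed subjects, recipient IDs from 80000000 to 105000000, one message every 6 seconds) is regular enough to serve as a detection signature. The following is an added example, not code from the original post or from MySpace; the event tuple format, the jitter tolerance and the hit threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Subject lines reported for the worm, normalized (lowercase, punctuation stripped).
WORM_SUBJECTS = {
    "what else is there to do on a sunday",
    "you better not forget about this",
    "hehe that was so funny",
    "better see this one last time lol",
    "omg did you see this last nite",
    "whos coming to the party tonight",
}
ID_MIN, ID_MAX = 80000000, 105000000   # recipient ID range from the write-up
INTERVAL, JITTER = 6.0, 1.5            # 6 s cadence; JITTER is an assumed tolerance
MIN_HITS = 3                           # assumed threshold before a sender is flagged

def normalize(subject):
    """Lowercase and drop punctuation (the trailing '..' / '.?…' runs vary)."""
    return re.sub(r"[^a-z0-9 ]", "", subject.lower()).strip()

def flag_senders(events):
    """events: (epoch_seconds, sender_id, recipient_id, subject) tuples.
    Returns {sender_id: hit_count} for senders matching the worm's pattern."""
    hits = defaultdict(list)
    for ts, sender, recipient, subject in events:
        if ID_MIN <= recipient <= ID_MAX and normalize(subject) in WORM_SUBJECTS:
            hits[sender].append(ts)
    flagged = {}
    for sender, times in hits.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        periodic = sum(1 for g in gaps if abs(g - INTERVAL) <= JITTER)
        if len(times) >= MIN_HITS and periodic >= len(gaps) / 2:
            flagged[sender] = len(times)
    return flagged

# Constructed sample events (not real MySpace data).
SAMPLE = [
    (1000.0, 4242, 80000123, "Hehe that was so funny.."),
    (1006.1, 4242, 99123456, "omg did you see this last nite.."),
    (1012.0, 4242, 104999999, "what else is there to do on a Sunday.?……."),
    (1018.2, 4242, 87654321, "whos coming to the party tonight.?.."),
    (1003.0, 7001, 80000500, "Hehe that was so funny.."),        # one-off, not flagged
    (1020.0, 7002, 90000000, "Lunch on Friday?"),                # benign subject
    (1030.0, 7003, 1234, "You better not forget about this.."),  # recipient outside range
]

if __name__ == "__main__":
    print(flag_senders(SAMPLE))
```

Requiring both a subject match and the periodic cadence keeps a single coincidental subject line from flagging a legitimate account.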