MySpace + QuickTime = problems
Many people know about the intrinsic risks involved with the popular MySpace social networking site. However a recently discovered security vulnerability with the site, combined with a feature of Apple’s cross-platform QuickTime digital media software has resulted in a virus that can infect users’ MySpace accounts (from either a PC or a Mac).
The MySpace vulnerability was discovered and published a couple weeks back. Someone probably read the description and realized they could take advantage of a JavaScript “feature” in QuickTime to create the virus. The virus can jump from MySpace account to MySpace account whenever a user logs in and plays the infected QuickTime file. The virus, in addition to infecting the user’s account, also changes links on the account to point to phishing sites. So seemingly it wasn’t created simply by a bored high school student, but more likely by an actual evil-doer looking to defraud people.
There’s little question the MySpace vulnerability should have been fixed, but MySpace is still a somewhat new site and seems to move slowly in addressing such matters. It’s unclear whether the QuickTime “feature,” which Apple touts, should have been “fixed” too.
Tuesday, December 5, 2006