Myspace Worm Using Quicktime HREF Track

Apple Quicktime

Just great. For a long time I have been trying to figure out a way not to let Quicktime spawn web pages. Not only is it annoying, but now it can get you phished:

It begins with a QuickTime file being embedded in a Profile page. If the user “runs” the file (simply visiting the infected page is enough to trigger the attack in most cases), it uses the HREF function to activate some JavaScript.

Allowing JavaScript from a movie file….whoops.

When this happens, the profile page is “infected” and pastes a fake overlay of options onto the profile page – the most serious of which is (of course) the fake login button. If your page has been affected, you will see a strange, blue navigation bar such as this on your page. If this is the case, you will need to clean out your profile and check if any of your friends have also been infected – if they are, you will continue to be reinfected…most likely via the friends list itself. We have seen reports of users complaining that even when they’ve removed the fake navigation bar from their page, it comes right back if one of their friends is infected – so it looks like the friends list is being exploited in much the same way the Orkut worm used a similar feature to spread. Except in this case, the only option to fix the problem is to get your friend to remove the infection code from their page, or remove your friend from your list indefinitely.

Going back to the fake login, if you enter your details, you have officially been phished.
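The carrier for all of this is an ordinary QuickTime movie embedded in user-supplied profile HTML, so the check a site operator (or a worried user looking at their own profile source) wants is: does this HTML embed QuickTime at all? Below is an added example of such a scanner, written for this post and not taken from the report quoted above or from Myspace. It looks for `<embed>`, `<object>` and `<param>` tags that reference QuickTime by MIME type, by a `.mov`/`.qt` file name, or by the QuickTime-specific `qtsrc` attribute, and offers a first-pass strip function. The sample profile HTML is constructed for the example; the `example.invalid` host is a placeholder.

```javascript
// Added example (not from the original post): flag and strip embedded
// QuickTime content in profile HTML, the carrier used by the worm above.

const QUICKTIME_MIME = /^(video\/quicktime|application\/x-quicktimeplayer)$/i;
const QUICKTIME_EXT = /\.(mov|qt)(\?.*)?$/i;

// Parse the attribute text of one tag into a lower-cased name -> value map.
// Valueless boolean attributes (e.g. bare "autoplay") are ignored on purpose.
function parseAttrs(attrText) {
  const attrs = {};
  const re = /([\w:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  }
  return attrs;
}

// Return the list of reasons a tag's attributes point at QuickTime (empty if none).
function looksLikeQuickTime(attrs) {
  const reasons = [];
  for (const k of ['type', 'codetype']) {
    if (attrs[k] && QUICKTIME_MIME.test(attrs[k].trim())) reasons.push(`${k}=${attrs[k]}`);
  }
  for (const k of ['src', 'qtsrc', 'data', 'href', 'value']) {
    if (attrs[k] && QUICKTIME_EXT.test(attrs[k].trim())) reasons.push(`${k}=${attrs[k]}`);
  }
  // qtsrc is only honoured by the QuickTime plug-in, so its presence alone is a signal.
  if ('qtsrc' in attrs && !reasons.some(r => r.startsWith('qtsrc='))) reasons.push('qtsrc attribute present');
  return reasons;
}

// Scan HTML for <embed>, <object> and <param> tags that reference QuickTime.
function findQuickTimeEmbeds(html) {
  const findings = [];
  const tagRe = /<(embed|object|param)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const reasons = looksLikeQuickTime(parseAttrs(m[2]));
    if (reasons.length) findings.push({ tag, offset: m.index, reasons });
  }
  return findings;
}

// First-pass cleanup: drop any <object>...</object> block that contains a
// flagged tag, then any stand-alone flagged <embed>. This is a filter for the
// specific carrier, not a full HTML sanitiser; a profile editor should still
// run user HTML through an allow-list parser.
function stripQuickTimeEmbeds(html) {
  return html
    .replace(/<object\b[^>]*>[\s\S]*?<\/object>/gi,
      block => (findQuickTimeEmbeds(block).length ? '' : block))
    .replace(/<embed\b[^>]*>(?:\s*<\/embed>)?/gi,
      tag => (findQuickTimeEmbeds(tag).length ? '' : tag));
}

// Constructed sample: a profile with a 1x1 autoplaying QuickTime movie hidden
// between ordinary content, plus a harmless audio embed that must survive.
const SAMPLE_PROFILE_HTML = `
<div class="about">Hi! <img src="/images/me.jpg"></div>
<object width="1" height="1">
  <param name="src" value="http://example.invalid/clip.mov">
  <param name="autoplay" value="true">
  <embed src="http://example.invalid/clip.mov" type="video/quicktime" width="1" height="1" autoplay="true"></embed>
</object>
<embed src="http://example.invalid/song.mp3" type="audio/mpeg">
`;

for (const f of findQuickTimeEmbeds(SAMPLE_PROFILE_HTML)) {
  console.log(`<${f.tag}> at offset ${f.offset}: ${f.reasons.join(', ')}`);
}
console.log(stripQuickTimeEmbeds(SAMPLE_PROFILE_HTML));
```

On the sample it reports the `<param>` carrying the `.mov` URL and the `<embed>` with the `video/quicktime` type; the `<object>` tag itself has no telltale attributes, which is why the strip step removes whole `<object>` blocks by their contents rather than by the opening tag. Run with `node` for a quick look at a saved profile page, or wire `findQuickTimeEmbeds` into the server-side check that accepts profile HTML.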

