Identity thieves are manipulating a feature in Apple Computer’s embedded QuickTime player to launch phishing attacks on the popular MySpace.com social networking portal.
According to a warning by San Diego-based Websense Security Labs, a fast-spreading worm is exploiting the JavaScript support in QuickTime and targeting a MySpace vulnerability to lure users to phishing sites.
The double-barreled attack is replacing legitimate links on users’ MySpace profiles with links to malicious sites cleverly masked to look legitimate.
Click here to read more about the dangers of rigged QuickTime movies.
“Once a user’s MySpace profile is infected—by viewing a malicious embedded QuickTime video—that profile is modified in two ways,” Websense said. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site.
Read the full story on eWeek.com: Phishers Attack MySpace with QuickTime Exploit Worm