Identity thieves are manipulating a feature in Apple Computer’s embedded QuickTime player to launch phishing attacks on the popular MySpace.com social networking portal.
The double-barreled attack is replacing legitimate links on users’ MySpace profiles with links to malicious sites cleverly masked to look legitimate.
“Once a user’s MySpace profile is infected—by viewing a malicious embedded QuickTime video—that profile is modified in two ways,” Websense said. The links in the user’s page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user’s site.
Read the full story on eWeek.com: Phishers Attack MySpace with QuickTime Exploit Worm