MySpace worm exploits Quicktime weakness to steal logins and plant spyware

F-Secure has spotted an outbreak of a Javascript exploit that uses flaws in Apple’s Quicktime to grab MySpace profile data.

It’s not easy to explain, but it’s a form of phishing: you visit what looks like a normal MySpace page, but the links have been altered to take you off-site (though that still looks like MySpace). There, a Quicktime .mov is downloaded to your system and runs a Javascript file that changes your MySpace profile.

The aim: to steal lots, and lots of MySpace login details.

View: Full Story
News source: Guardian Unlimited