NOW READ THIS
("Security Advisory")



Submitted by: Bill Hickey
NCVA List Master

NRT-0094 MySpace-hosted malware exploits QuickTime flaw:


A Belgian security researcher has documented malware that uses a vulnerability in Apple's QuickTime movie player to make a computer download and run JavaScript, according to an online press report. A MySpace account promoting a French music group is exploiting the flaw to siphon information about users visiting the page and send it to a remote server. The perpetrators pull off the feat by embedding into their page an invisible QuickTime video that uses one JavaScript script to download and execute a second one. It is this second script that acts as the spyware, according to the researcher, Didier Stevens. Stevens says McAfee VirusScan will flag the first script as malware and identify it as the JS/SpaceTalk Trojan.

(theregister.co.uk 16MAR07)



Last Modified: Friday, 23-Mar-2007 18:02:16 EST