NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0414 Hackers Ramp Up Facebook and MySpace Attacks:
On Friday, 22 February, a security company warned that hackers are using a multi-attack kit to
actively exploit an Internet Explorer plug-in that is widely used by Facebook and MySpace
members. Symantec Corporation said the exploit directed at Aurigma Incorporated's Image
Uploader, an ActiveX control used by Facebook, MySpace, and other social networking sites to
allow members to upload photos to their profiles, is just one of five in a new hacker toolkit
being used by several Chinese attack sites. Attacks begin when users receive spam or an
instant message with an embedded link. The link takes users to a bogus MySpace log-in page,
which tries to steal members' credentials as it also silently probes their computers for
vulnerabilities in Uploader, Apple Inc.'s QuickTime, Windows, and Yahoo Music Jukebox.
Although the Windows and QuickTime bugs were patched 8 and 13 months ago respectively, the
Uploader and Yahoo vulnerabilities were made public and fixed only within the last few weeks.
Symantec urged users to update the Image Uploader ActiveX control to version 4.5.57.1.
(ComputerWorld 23FEB08)