QuickTime Helps Spread MySpace Worm
The video and the associated script will change links within the infected user's profile to links to phishing sites. In addition, it places itself on the profile in order to infect others. Viewing the video on another's MySpace profile would infect the viewer's own, the firm said.
"An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both," it said in an advisory posted on Friday.
News Corp., parent company of MySpace, could not comment on the issue. Known as a cross-site scripting vulnerability, the flaw is one of the most common types found on the Web. The QuickTime feature responsible is not necessarily a flaw, since it can be used for legitimate purposes, but it has also been abused.
Infected pages are easy to find, as the navigation menu has been modified from the standard one. Links in this menu navigate to off-MySpace sites, crafted to look like the pages of the social networking site, where they attempt to trick users into entering their MySpace passwords.
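The two indicators described above, an embedded QuickTime movie and header links that leave the site, can be checked mechanically in saved profile HTML. The following is an added example, not code from the advisory or from MySpace; the `header` element id, the trusted domain and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "myspace.com"  # assumption: legitimate header links stay on this domain

def is_onsite(href):
    """True for relative links and for http(s) links to TRUSTED or a subdomain."""
    u = urlparse(href.strip())
    if u.scheme not in ("", "http", "https"):
        return False
    host = (u.hostname or "").lower()
    return host == "" or host == TRUSTED or host.endswith("." + TRUSTED)

class ProfileScanner(HTMLParser):
    def __init__(self, header_id="header"):  # hypothetical id of the nav block
        super().__init__()
        self.header_id = header_id
        self.depth = 0            # > 0 while inside the header <div>
        self.movies = []          # embedded QuickTime sources
        self.offsite_links = []   # header links that leave the site

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "div":
            if self.depth:
                self.depth += 1
            elif a.get("id") == self.header_id:
                self.depth = 1
        elif tag in ("embed", "object"):
            src = a.get("src") or a.get("data") or ""
            if a.get("type") == "video/quicktime" or urlparse(src).path.lower().endswith(".mov"):
                self.movies.append(src)
        elif tag == "a" and self.depth:
            href = a.get("href")
            if href and not is_onsite(href):
                self.offsite_links.append(href)

    def handle_endtag(self, tag):
        if tag == "div" and self.depth:
            self.depth -= 1

def scan(html):
    p = ProfileScanner()
    p.feed(html)
    return {"movies": p.movies, "offsite_header_links": p.offsite_links}

# Constructed sample: a lookalike host in the header, a QuickTime embed in the body.
SAMPLE = """<div id="header"><div class="nav">
<a href="http://home.myspace.com/index.cfm">Home</a>
<a href="http://myspace.com.login.example/signin">Mail</a>
<a href="/browse">Browse</a></div></div>
<div id="about"><embed src="http://media.example/clip.mov" type="video/quicktime">
<a href="http://band.example/">my band</a></div>"""
```

The host comparison is an exact or dot-suffix match, so a lookalike such as `myspace.com.login.example` is reported while ordinary off-site links outside the header are ignored.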
"The final target seems to be to steal MySpace logins in mass quantities," Mikko Hypponen, chief research officer at security company F-Secure, wrote in a Web log post Saturday.
With MySpace's ever-increasing popularity, more and more malware writers are targeting the site in attacks. Another cross-site scripting worm spread in October 2005, in which one clever MySpace user looking to expand his buddy list figured out how to force others to become his friend. Other attacks have made attempts to steal personal information or spread adware.