My IT manager just sent this warning around the building, if you use Myspace please read1:
If you ever view MySpace pages, even if you don’t have a page of your own, please read:
There is a major issue with MySpace at the moment - a “virus” is infecting pages and spreading very quickly, as it is passed on when you view an infected page. Legitimate links on users pages are being replaced with links to fake pages designed to capture users login details.
The safest option is to simply not view any MySpace pages - in the office, or at home - until the problem is fixed.
The “virus” (which is technically a worm not a virus) is exploiting Javascript support within Apple’s embedded QuickTime player. It’s being used in conjunction with a known MySpace vulnerability recently
reported on a security mailing list. The attack attempts to trick users into handing over MySpace login
credentials and to trick users into visiting a pornographic website contaminated with Zango adware.
Once a user’s MySpace profile is infected (which happens when they view a malicious embedded QuickTime video) their links are doctored and a copy of the malicious QuickTime video is embedded into the user’s site. Other users who visit an infected profile may then pass on the infection. An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, but the safest option really is to take a break from MySpace until it’s reported as fixed. Read a book or something…
