Posted on 12/04/2006 12:34:18 PM PST by My Favorite Headache
Monday, December 04, 2006 - 01:39 PM EST
Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.
An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.
More info and screenshot: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708
More info: http://www.f-secure.com/v-descs/js_quickspace_a.shtml
Isn't myspace pretty much a virus in it's own right?
Quick Time is full of adware and spyware as well.
I doubt it.
QT is a system component, made by Apple Computer.
People can hook up all sorts of stuff to it (such as this MySpace virus), but carrying manure in a bucket doesn't make the bucket bad.
My grandsons 2 graduated from college and 1 in college were here Thanksgiving..I had finally cleaned up this computer, a hand me down from one of them via my son... and had zero on my last scan from Adaware..I had 23 critical items after they left! LOL
There was nothing serious enough for AVG to catch... I had had a Trojan and it took weeks to figure out how to rid myself of it. Lesson learned..Never turn off the popup blocker and forget to turn it back on!
In a good way, yes. It's an amazingly powerful networking/marketing tool and a huge part of my business. Oh yea, and it's free. If that's a virus, gimme more, please!
This is a generic exploit that affects all multimedia players, Quacktime, RealPlayer, WinMediaPlayer. It's really a problem with any OS or program that allows injection of arbitrary code.
It's not the delivery medium, it's the programmer who doesn't screen input code for crap. It could and does happen to all OSes and programs (PHP and ActiveScript are both vulnerable), but Win seems to cause the most groans.
In my opinion all software that insists on being terminal resident when not in use is Crapware. That includes the newer printer software. None of this crapware should be running unless the program is in use. It never needed to be in the past and it should not be now. The newest software will not even allow you to turn its TSR status off. You have to force it by some other method.
I'm not going to argue the point, here is a good link for starters:
That's not surprising. The link you provided is not evidence that "Quick Time is full of adware and spyware". Evidently, you are misinformed about the difference between a vulnerability and actual malware.
Call it what you want. All I know is that every time QuickTime has been loaded for some two-bit video, it leaves spyware/advare that had to be cleaned up. Maybe the content left it. In any event, QuickTime isn't really that important to load, so it has been eliminated.
Well, no wonder. Your link contains absolutely nothing about adware, or spyware.
Maybe you should stop watching two-bit videos?
Seriously, it's not QuickTime that leaves the adware, it's the places you visit.
If a movie link indicates QuickTime, I now avoid it like the plague.
It sounds like an operating system issue. Despite the reports of obscure vulnerabilities, QuickTime is generally safe to use and it has the best-quality video technology available. Unfortunately, Windows users have been terrorized by malware for several years, and now many of them are afraid to do simple things like downloading a file, opening an e-mail or watching a video. Computer users shouldn't have to live in fear of the Internet, but that's the way it is for Microsoft customers. It's a lousy way to experience the network, in my opinion.
It describes how a 'carefully crafted H.264, FLC movie, FlashPix file or SGI image can trigger a buffer overflow which may lead to an application crash or arbitrary code execution with the privileges of the user.'
Not surprisingly, the error referenced affects both Mac and PCs, and a security patch is available.
In the grand scheme of things, I reckon this makes it something like (I'll be generous) 10 billion PC security holes to one on the Mac. Which no longer exists.
Now, about that Adware and Spyware?
If you want on or off the Mac Ping List, Freepmail me.
Re: the "Buffer overflow ... or arbitrary code execution with the privileges of the user."
Actually, not on a Mac... executables cannot be run in the data buffer which is where a badly crafted Quicktime movie would be placed. A buffer overflow would, at worst, crash Quicktime.
AND as you pointed out, the solution is easy:
Update to version 7.1.3.
QuickTime is an Apple product. Apple is pure as the driven snow and can do no wrong. </sarcasm>
Thanks. They can say it any way they want, but I can attest to the fact that almost every time I have to run something with QuickTime, it causes problems. I refuse to submit to such garbage. Do a Google search on "Quicktime" and "problems" and see what others have found. The Apple fanatics like to blame Microsoft. You and I both know that Apple isn't perfect, and the only reason they have fewer problems is that the hackers know there isn't enough market share to cause a major problem by attacking Apples.
My read is that it affects neither Macs nor PCs -- just corrupts MySpace profiles. It won't infect my machine, and unless I'm dumb enough to follow a phishing link and give them personal info, no harm to me. Or did I miss something?
A Google search of "Quicktime Problem" +PC returned only 684 hits... many of which are duplicates or links down a thread on the same issue. That hardly seems to be a pervasive problem. changing the word "problem" to "problems" only increased the hits to 1200.
I suspect you have a software/hardware incompatiblility where Quicktime on your system is clashing with either hardware on your system or some other piece of software is not releasing a system resource so that Quicktime can use it. In the past there have been known issues of conflicts with RealPlayer and its components.
Most issues with Quicktime on PCs were caused by an incomplete or failed initial installation. Try removing it completely and then re-installing it with the latest version.
You're just focusing on the surface. It's TCP/IP and HTTP that are full of adware and spyware.
It doesn't matter what the conflict is. it causes problems. If I have to remove another program to run a Quicktime clip, it is of no use to me. The point is, there are known conflicts.
Apparently the myspace hack just affects myspace, but there is a theoretical hack that could infect Quicktime and the other files I mentioned. As Swordmaker pointed out, worst case scenario on the Mac is that it might crash Quicktime
I haven't specifically had compatibility problems with QuickTime, but I avoid installing it because when I have it insists on installing shortcuts on the desktop and in my QuickLaunch bar and it insists on running a component at startup (which sits in the tray), apparently to check for updates. And if you try disabling the startup item with msconfig, it comes back the next time you use QuickTime. At least that's what I recall.
Exactly. It tries to take control of all the media without offering an opportunity to do otherwise.
While I recognize that there is a potential problem, what can I advise my daughter to do about it? (In the simplest terms, please.)
Adware and Spyware in Quicktime? Really? I have a nifty little bit of sofware called "Little Snitch" that reports when ANY outgoing connection attempts are made. The only ones I have EVER seen from QuickTime is to check for updates from Apple's site.
As far as adds? If I open QuickTime app, then I get a window with options to view movie trailers, and with info on iTunes popular songs. And that actually can easily be turned off in the preferences, which I just did. So I'm not sure what spyware and Adware you are referring to.
Not to mention that secunia is known for putting out quantities of FUD.
And notice that every vulnerability (none actually exploited in the wild) has already been fixed.
How about a link to a supposedly adware or spyware-carrying QuickTime content...
Then what is that preference pane that allows you to select the media you want QuickTime to handle...?
Keep an eye out for an empty Quicktime movie on her My Space pages.
If she clicks on something that unexpectedly requests she enter her user name and password, DON'T!
Many thanks, as always, Swordmaker!
ping here too.