Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

QuickTime JavaScript worm spreads via MySpace
Apple/Mac Daily News ^ | 12-04-06

Posted on 12/04/2006 12:34:18 PM PST by My Favorite Headache

QuickTime JavaScript worm spreads via MySpace

Monday, December 04, 2006 - 01:39 PM EST

Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.

Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.

More info and screenshot: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708

F-Secure Virus Information: Name: JS/Quickspace.A Type: Worm Category: Virus Platform: JS (JavaScript)

More info: http://www.f-secure.com/v-descs/js_quickspace_a.shtml


TOPICS: Crime/Corruption; Extended News; Miscellaneous; Technical
KEYWORDS: macvirus; myspace; profile; virus

1 posted on 12/04/2006 12:34:24 PM PST by My Favorite Headache
[ Post Reply | Private Reply | View Replies]

To: My Favorite Headache

Isn't myspace pretty much a virus in it's own right?


2 posted on 12/04/2006 12:37:35 PM PST by CharlesWayneCT
[ Post Reply | Private Reply | To 1 | View Replies]

To: CharlesWayneCT

Quick Time is full of adware and spyware as well.


3 posted on 12/04/2006 12:41:34 PM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker

Ping.


4 posted on 12/04/2006 12:48:16 PM PST by DaveMSmith ("Heaven is the only basis for our continued existence".)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TommyDale
Quick Time is full of adware and spyware as well.

I doubt it.

5 posted on 12/04/2006 1:01:02 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TommyDale
Quick Time is full of adware and spyware as well.

Such as?

6 posted on 12/04/2006 1:03:07 PM PST by IncPen (When Al Gore Finished the Internet, he invented Global Warming)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TommyDale
Quick Time is full of adware and spyware as well.

Horse puckey.

QT is a system component, made by Apple Computer.

People can hook up all sorts of stuff to it (such as this MySpace virus), but carrying manure in a bucket doesn't make the bucket bad.

7 posted on 12/04/2006 1:05:23 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TommyDale

My grandsons 2 graduated from college and 1 in college were here Thanksgiving..I had finally cleaned up this computer, a hand me down from one of them via my son... and had zero on my last scan from Adaware..I had 23 critical items after they left! LOL

There was nothing serious enough for AVG to catch... I had had a Trojan and it took weeks to figure out how to rid myself of it. Lesson learned..Never turn off the popup blocker and forget to turn it back on!


8 posted on 12/04/2006 1:15:11 PM PST by MEG33 (GOD BLESS OUR ARMED FORCES.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: CharlesWayneCT

In a good way, yes. It's an amazingly powerful networking/marketing tool and a huge part of my business. Oh yea, and it's free. If that's a virus, gimme more, please!


9 posted on 12/04/2006 1:20:00 PM PST by Huck (Soylent Green is People.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Huck

BUMP!


10 posted on 12/04/2006 1:22:16 PM PST by Publius6961 (MSM: Israelis are killed by rockets; Lebanese are killed by Israelis.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: My Favorite Headache

This is a generic exploit that affects all multimedia players, Quacktime, RealPlayer, WinMediaPlayer. It's really a problem with any OS or program that allows injection of arbitrary code.

It's not the delivery medium, it's the programmer who doesn't screen input code for crap. It could and does happen to all OSes and programs (PHP and ActiveScript are both vulnerable), but Win seems to cause the most groans.


11 posted on 12/04/2006 1:28:25 PM PST by spudsmaki
[ Post Reply | Private Reply | To 1 | View Replies]

To: Izzy Dunne

In my opinion all software that insists on being terminal resident when not in use is Crapware. That includes the newer printer software. None of this crapware should be running unless the program is in use. It never needed to be in the past and it should not be now. The newest software will not even allow you to turn its TSR status off. You have to force it by some other method.


12 posted on 12/04/2006 1:32:59 PM PST by Revel
[ Post Reply | Private Reply | To 7 | View Replies]

To: Izzy Dunne; HAL9000; IncPen

I'm not going to argue the point, here is a good link for starters:

http://secunia.com/advisories/21893/


13 posted on 12/04/2006 1:34:50 PM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 7 | View Replies]

To: TommyDale
I'm not going to argue the point

That's not surprising. The link you provided is not evidence that "Quick Time is full of adware and spyware". Evidently, you are misinformed about the difference between a vulnerability and actual malware.

14 posted on 12/04/2006 1:40:03 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 13 | View Replies]

To: HAL9000

Call it what you want. All I know is that every time QuickTime has been loaded for some two-bit video, it leaves spyware/advare that had to be cleaned up. Maybe the content left it. In any event, QuickTime isn't really that important to load, so it has been eliminated.


15 posted on 12/04/2006 1:41:58 PM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: TommyDale
I'm not going to argue the point

Well, no wonder. Your link contains absolutely nothing about adware, or spyware.

16 posted on 12/04/2006 1:52:59 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: TommyDale
every time QuickTime has been loaded for some two-bit video, it leaves spyware/advare

Maybe you should stop watching two-bit videos?

Seriously, it's not QuickTime that leaves the adware, it's the places you visit.

17 posted on 12/04/2006 1:56:47 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Izzy Dunne

If a movie link indicates QuickTime, I now avoid it like the plague.


18 posted on 12/04/2006 1:59:48 PM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 17 | View Replies]

To: TommyDale
If a movie link indicates QuickTime, I now avoid it like the plague.

It sounds like an operating system issue. Despite the reports of obscure vulnerabilities, QuickTime is generally safe to use and it has the best-quality video technology available. Unfortunately, Windows users have been terrorized by malware for several years, and now many of them are afraid to do simple things like downloading a file, opening an e-mail or watching a video. Computer users shouldn't have to live in fear of the Internet, but that's the way it is for Microsoft customers. It's a lousy way to experience the network, in my opinion.

19 posted on 12/04/2006 2:55:19 PM PST by HAL9000 (Get a Mac - The Ultimate FReeping Machine)
[ Post Reply | Private Reply | To 18 | View Replies]

To: TommyDale; Izzy Dunne; HAL9000
Not surprisingly, his link describes something other than adware and spyware.

It describes how a 'carefully crafted H.264, FLC movie, FlashPix file or SGI image can trigger a buffer overflow which may lead to an application crash or arbitrary code execution with the privileges of the user.'

Not surprisingly, the error referenced affects both Mac and PCs, and a security patch is available.

In the grand scheme of things, I reckon this makes it something like (I'll be generous) 10 billion PC security holes to one on the Mac. Which no longer exists.

Bravo!

Yawn.

Now, about that Adware and Spyware?

20 posted on 12/04/2006 3:47:39 PM PST by IncPen (When Al Gore Finished the Internet, he invented Global Warming)
[ Post Reply | Private Reply | To 13 | View Replies]

To: 1234; 6SJ7; Action-America; af_vet_rr; afnamvet; Alexander Rubin; anonymous_user; ...
Flaw in My Space's handling of Quicktime can result in online Phishing at MySpace.com PING!

If you want on or off the Mac Ping List, Freepmail me.

21 posted on 12/05/2006 8:14:47 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IncPen
Not surprisingly, the error referenced affects both Mac and PCs, and a security patch is available.

Re: the "Buffer overflow ... or arbitrary code execution with the privileges of the user."

Actually, not on a Mac... executables cannot be run in the data buffer which is where a badly crafted Quicktime movie would be placed. A buffer overflow would, at worst, crash Quicktime.

AND as you pointed out, the solution is easy:

Solution:
Update to version 7.1.3.
http://www.apple.com/quicktime/download


22 posted on 12/05/2006 8:22:39 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 20 | View Replies]

To: TommyDale
Quick Time is full of adware and spyware as well.

QuickTime is an Apple product. Apple is pure as the driven snow and can do no wrong. </sarcasm>

23 posted on 12/05/2006 8:27:31 AM PST by Mannaggia l'America
[ Post Reply | Private Reply | To 3 | View Replies]

To: Mannaggia l'America

Thanks. They can say it any way they want, but I can attest to the fact that almost every time I have to run something with QuickTime, it causes problems. I refuse to submit to such garbage. Do a Google search on "Quicktime" and "problems" and see what others have found. The Apple fanatics like to blame Microsoft. You and I both know that Apple isn't perfect, and the only reason they have fewer problems is that the hackers know there isn't enough market share to cause a major problem by attacking Apples.


24 posted on 12/05/2006 8:31:44 AM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 23 | View Replies]

To: IncPen
Not surprisingly, the error referenced affects both Mac and PCs, and a security patch is available.

My read is that it affects neither Macs nor PCs -- just corrupts MySpace profiles. It won't infect my machine, and unless I'm dumb enough to follow a phishing link and give them personal info, no harm to me. Or did I miss something?

25 posted on 12/05/2006 8:51:17 AM PST by ReignOfError
[ Post Reply | Private Reply | To 20 | View Replies]

To: TommyDale
Do a Google search on "Quicktime" and "problems" and see what others have found.

A Google search of "Quicktime Problem" +PC returned only 684 hits... many of which are duplicates or links down a thread on the same issue. That hardly seems to be a pervasive problem. changing the word "problem" to "problems" only increased the hits to 1200.

I suspect you have a software/hardware incompatiblility where Quicktime on your system is clashing with either hardware on your system or some other piece of software is not releasing a system resource so that Quicktime can use it. In the past there have been known issues of conflicts with RealPlayer and its components.

Most issues with Quicktime on PCs were caused by an incomplete or failed initial installation. Try removing it completely and then re-installing it with the latest version.

26 posted on 12/05/2006 8:51:23 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: thefactor

FYI ping...


27 posted on 12/05/2006 8:52:38 AM PST by Pharmboy ([She turned me into a] Newt! in '08)
[ Post Reply | Private Reply | To 1 | View Replies]

To: TommyDale
Quick Time is full of adware and spyware as well.

You're just focusing on the surface. It's TCP/IP and HTTP that are full of adware and spyware.

28 posted on 12/05/2006 8:53:55 AM PST by ReignOfError
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

It doesn't matter what the conflict is. it causes problems. If I have to remove another program to run a Quicktime clip, it is of no use to me. The point is, there are known conflicts.


29 posted on 12/05/2006 8:54:56 AM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 26 | View Replies]

To: ReignOfError
My read is that it affects neither Macs nor PCs -- just corrupts MySpace profiles. It won't infect my machine, and unless I'm dumb enough to follow a phishing link and give them personal info, no harm to me. Or did I miss something?

Apparently the myspace hack just affects myspace, but there is a theoretical hack that could infect Quicktime and the other files I mentioned. As Swordmaker pointed out, worst case scenario on the Mac is that it might crash Quicktime

30 posted on 12/05/2006 8:58:58 AM PST by IncPen (When Al Gore Finished the Internet, he invented Global Warming)
[ Post Reply | Private Reply | To 25 | View Replies]

To: TommyDale
They can say it any way they want, but I can attest to the fact that almost every time I have to run something with QuickTime, it causes problems.

I haven't specifically had compatibility problems with QuickTime, but I avoid installing it because when I have it insists on installing shortcuts on the desktop and in my QuickLaunch bar and it insists on running a component at startup (which sits in the tray), apparently to check for updates. And if you try disabling the startup item with msconfig, it comes back the next time you use QuickTime. At least that's what I recall.

31 posted on 12/05/2006 9:57:23 AM PST by Mannaggia l'America
[ Post Reply | Private Reply | To 24 | View Replies]

To: Mannaggia l'America

Exactly. It tries to take control of all the media without offering an opportunity to do otherwise.


32 posted on 12/05/2006 10:05:54 AM PST by TommyDale (Iran President Ahmadinejad is shorter than Tom Daschle!)
[ Post Reply | Private Reply | To 31 | View Replies]

To: Swordmaker

While I recognize that there is a potential problem, what can I advise my daughter to do about it? (In the simplest terms, please.)


33 posted on 12/05/2006 12:52:30 PM PST by sarasota
[ Post Reply | Private Reply | To 21 | View Replies]

To: TommyDale

Adware and Spyware in Quicktime? Really? I have a nifty little bit of sofware called "Little Snitch" that reports when ANY outgoing connection attempts are made. The only ones I have EVER seen from QuickTime is to check for updates from Apple's site.

As far as adds? If I open QuickTime app, then I get a window with options to view movie trailers, and with info on iTunes popular songs. And that actually can easily be turned off in the preferences, which I just did. So I'm not sure what spyware and Adware you are referring to.


34 posted on 12/05/2006 5:56:11 PM PST by TheBattman (I've got TWO QUESTIONS for you....)
[ Post Reply | Private Reply | To 3 | View Replies]

To: TommyDale

Not to mention that secunia is known for putting out quantities of FUD.

And notice that every vulnerability (none actually exploited in the wild) has already been fixed.


35 posted on 12/05/2006 6:03:40 PM PST by TheBattman (I've got TWO QUESTIONS for you....)
[ Post Reply | Private Reply | To 13 | View Replies]

To: TommyDale

How about a link to a supposedly adware or spyware-carrying QuickTime content...


36 posted on 12/05/2006 6:07:25 PM PST by TheBattman (I've got TWO QUESTIONS for you....)
[ Post Reply | Private Reply | To 18 | View Replies]

To: TommyDale

Then what is that preference pane that allows you to select the media you want QuickTime to handle...?


37 posted on 12/05/2006 6:13:36 PM PST by TheBattman (I've got TWO QUESTIONS for you....)
[ Post Reply | Private Reply | To 32 | View Replies]

To: sarasota
While I recognize that there is a potential problem, what can I advise my daughter to do about it? (In the simplest terms, please.)

Keep an eye out for an empty Quicktime movie on her My Space pages.

If she clicks on something that unexpectedly requests she enter her user name and password, DON'T!

38 posted on 12/05/2006 8:09:57 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 33 | View Replies]

To: Swordmaker

Many thanks, as always, Swordmaker!


39 posted on 12/06/2006 7:06:11 AM PST by sarasota
[ Post Reply | Private Reply | To 38 | View Replies]

To: prayin4_swcb

ping here too.


40 posted on 12/06/2006 11:03:36 PM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson