If you want on or off the Mac Ping List, Freepmail me.
Posted on 12/04/2006 12:34:18 PM PST by My Favorite Headache
QuickTime JavaScript worm spreads via MySpace
Monday, December 04, 2006 - 01:39 PM EST
Websense Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.
Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is modified in two ways. The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well.
An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, or both.
More info and screenshot: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708
F-Secure Virus Information: Name: JS/Quickspace.A Type: Worm Category: Virus Platform: JS (JavaScript)
More info: http://www.f-secure.com/v-descs/js_quickspace_a.shtml
If you want on or off the Mac Ping List, Freepmail me.
Re: the "Buffer overflow ... or arbitrary code execution with the privileges of the user."
Actually, not on a Mac... executables cannot be run in the data buffer which is where a badly crafted Quicktime movie would be placed. A buffer overflow would, at worst, crash Quicktime.
AND as you pointed out, the solution is easy:
Solution:
Update to version 7.1.3.
http://www.apple.com/quicktime/download
QuickTime is an Apple product. Apple is pure as the driven snow and can do no wrong. </sarcasm>
Thanks. They can say it any way they want, but I can attest to the fact that almost every time I have to run something with QuickTime, it causes problems. I refuse to submit to such garbage. Do a Google search on "Quicktime" and "problems" and see what others have found. The Apple fanatics like to blame Microsoft. You and I both know that Apple isn't perfect, and the only reason they have fewer problems is that the hackers know there isn't enough market share to cause a major problem by attacking Apples.
My read is that it affects neither Macs nor PCs -- just corrupts MySpace profiles. It won't infect my machine, and unless I'm dumb enough to follow a phishing link and give them personal info, no harm to me. Or did I miss something?
A Google search of "Quicktime Problem" +PC returned only 684 hits... many of which are duplicates or links down a thread on the same issue. That hardly seems to be a pervasive problem. changing the word "problem" to "problems" only increased the hits to 1200.
I suspect you have a software/hardware incompatiblility where Quicktime on your system is clashing with either hardware on your system or some other piece of software is not releasing a system resource so that Quicktime can use it. In the past there have been known issues of conflicts with RealPlayer and its components.
Most issues with Quicktime on PCs were caused by an incomplete or failed initial installation. Try removing it completely and then re-installing it with the latest version.
FYI ping...
You're just focusing on the surface. It's TCP/IP and HTTP that are full of adware and spyware.
It doesn't matter what the conflict is. it causes problems. If I have to remove another program to run a Quicktime clip, it is of no use to me. The point is, there are known conflicts.
Apparently the myspace hack just affects myspace, but there is a theoretical hack that could infect Quicktime and the other files I mentioned. As Swordmaker pointed out, worst case scenario on the Mac is that it might crash Quicktime
I haven't specifically had compatibility problems with QuickTime, but I avoid installing it because when I have it insists on installing shortcuts on the desktop and in my QuickLaunch bar and it insists on running a component at startup (which sits in the tray), apparently to check for updates. And if you try disabling the startup item with msconfig, it comes back the next time you use QuickTime. At least that's what I recall.
Exactly. It tries to take control of all the media without offering an opportunity to do otherwise.
While I recognize that there is a potential problem, what can I advise my daughter to do about it? (In the simplest terms, please.)
Adware and Spyware in Quicktime? Really? I have a nifty little bit of sofware called "Little Snitch" that reports when ANY outgoing connection attempts are made. The only ones I have EVER seen from QuickTime is to check for updates from Apple's site.
As far as adds? If I open QuickTime app, then I get a window with options to view movie trailers, and with info on iTunes popular songs. And that actually can easily be turned off in the preferences, which I just did. So I'm not sure what spyware and Adware you are referring to.
Not to mention that secunia is known for putting out quantities of FUD.
And notice that every vulnerability (none actually exploited in the wild) has already been fixed.
How about a link to a supposedly adware or spyware-carrying QuickTime content...
Then what is that preference pane that allows you to select the media you want QuickTime to handle...?
Keep an eye out for an empty Quicktime movie on her My Space pages.
If she clicks on something that unexpectedly requests she enter her user name and password, DON'T!
Many thanks, as always, Swordmaker!
ping here too.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.