A vulnerability in Apple's QuickTime movie player that makes a computer download and run a JavaScript has been discovered recently. A MySpace account is exploiting the flaw to extract information about users visiting the page and send it to a remote server. The web page has an embedded invisible QuickTime video that uses one JavaScript to download and execute a second JavaScript, which acts as a spyware program, according to the researcher, Didier Stevens. His findings can be seen at the address http://didierstevens.wordpress.com/2007/03/12/p0wned-by-a-qt-movie/ .
McAfee VirusScan will mark the first script as malware and identify it as the JS/SpaceTalk trojan. Both the QuickTime movie file, titled tys4.mov, and the second script are downloaded from a server at profileawareness.com. That is also the site that collects the user data. When an infected site is viewed, a hidden embedded QuickTime movie is played; it takes advantage of the HREF Tracks feature in QuickTime, a known insecure feature, to download and execute a JavaScript file from an external site, which is how JS/SpaceTalk is run. The script collects data about the user viewing the page and uploads it back to the author. Because the site being contacted is normally controlled by the malware author, any script downloaded and executed from it can be modified remotely, and the behaviour of these new scripts altered to perform further malicious actions. Apple and MySpace both had their share of security lapses in the recent past.
Last week Apple released an update to fix a variety of bugs in QuickTime, and MySpace has also closed a series of exploits that resulted from rogue JavaScripts.
For example, in 2005, a user named Samy inserted a script into his profile page that allowed him to scoop up millions of friends. And in July, a banner ad posted on the social networking site infected more than a million users with spyware.
The Register tried to contact both companies for comment but did not hear back. McAfee was the only antivirus provider detecting the script at the time Stevens posted his finding. More about the trojan can be found at http://vil.nai.com/vil/content/v_141428.htm, a description last modified on 03/16/2007. The risk is considered to be low for home users. Information on the vulnerability being exploited can be found here: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0059