Yet another malware is recently discovered lurking the pages of MySpace, a popular social networking Web site that has become a favorite target of threat attacks by malware authors today. This malware is a JavaScript Trojan that uses QuickTime movies as its infection vector. This malicious script is found embedded in a MySpace page of a French rockband. The said page has an EMBED tag that instructs a user’s browser to play a movie when the HTML page is opened. However, the attribute of the movie is set to “hidden”, therefore it is invisible to the profile viewer. The QuickTime movie is downloaded from the server, profileawareness.com.
QuickTime has a feature that allows URLs or JavaScript codes to be embedded in a movie. This malware takes advantage of this feature by embedding a malicious JavaScript program within the movie. Thus, when the movie is played, the JavaScript is automatically downloaded and executed. This JavaScript is a spyware that collects data about MySpace users that visits the page. The stolen information is then uploaded to the profileawareness server.
Trend Micro detects the malicious JavaScript as JS_SPACESTALK.A and the QuickTime movie as TROJ_DLOADER.JHV.
External sources have confirmed that the said vulnerability exists in version 7.1.3 of the Quicktime software for Windows and possibly earlier versions as well. This issue has already been addressed by Apple in their latest Quicktime release. More information on how to update Quicktime can be found here.
Sometimes when you try to update your Quicktime players using the “Update Existing Software” option under the program’s help menu, it tells the user that his software is already up to date even if it isn’t. To be safe you may have to manually re-install the software using the latest installation package available at the Apple Web site.
Sources:
March 19th, 2007 at 4:04 am
[...] post by TrendLabs | Anti-Malware Blog - by Trend Micro and software by Elliott [...]