
MySpace QuickTime Worm

Friday, December 8th, 2006 | Filed Under: Security Help

It seems that on December 1st, a cross-site scripting worm was discovered to be infecting MySpace accounts. JS/Qspace, as it has been called, is a worm that uses a vulnerability in the HREF feature of Apple’s QuickTime media player to redirect visitors to a phishing site. Once on the site, users are asked to enter their information, which is then collected.

The attack has two parts. First, it uses the aforementioned vulnerability in QuickTime to take advantage of a vulnerability in MySpace that allows an account to be modified automatically, even from an outside Web site. The modified account then becomes a trap for other unsuspecting users: an appealing page, complete with a .mov file to view.

The QuickTime vulnerability uses the HREF feature in QuickTime, which allows links to be put into movie files that can link out to ftp/http/https sites and even run JavaScript. An infected MySpace user account has been modified with an embedded QuickTime movie, and all the links on the page have been changed to redirect visitors to the phishing page. If a user tries to view the movie, they are redirected to a bogus login page where they are prompted to enter their username and password, at which point the information is collected. This information is then used to log in and modify that account, and so on.

The MySpace part of this attack comes in the form of being able to modify MySpace accounts from an outside location and being able to modify accounts in bulk, without any sort of system security intervention. This allows the second half of the infection, which is the assimilation of the infected user’s account, to ensnare other members. Some of the modifications include the embedded QuickTime movie and the modification of all the links on the page. The page itself gets a new look with a blue navigation bar, among other things, that are not usually present on a MySpace user account page.
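The two page changes described above (an embedded QuickTime movie plus every link rewritten to one outside site) can be checked for mechanically. The following is an added example, not code from the original article or from MySpace; the function names, the 80% threshold, the trusted-domain list and the `example.net` / `example.org` hosts are assumptions made for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("myspace.com",)  # assumption: the only domain profile links should use

class ProfileScan(HTMLParser):
    """Collect embedded .mov sources and link targets from profile HTML."""
    def __init__(self):
        super().__init__()
        self.movies, self.links = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or a.get("data") or ""
        if tag in ("embed", "object") and urlparse(src).path.lower().endswith(".mov"):
            self.movies.append(src)
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

def is_trusted(host, trusted=TRUSTED):
    # Exact match or a true subdomain; "myspace.com.example.net" does not pass.
    return any(host == d or host.endswith("." + d) for d in trusted)

def audit_profile(html, trusted=TRUSTED, ratio=0.8):
    """Flag a page that embeds a movie AND sends most links to one outside host."""
    scan = ProfileScan()
    scan.feed(html)
    offsite, script_links = Counter(), 0
    for href in scan.links:
        url = urlparse(href.strip())
        if url.scheme == "javascript":
            script_links += 1
        elif url.hostname and not is_trusted(url.hostname, trusted):
            offsite[url.hostname] += 1
    host, hits = offsite.most_common(1)[0] if offsite else (None, 0)
    hijacked = bool(scan.links) and hits / len(scan.links) >= ratio
    return {"movies": scan.movies, "script_links": script_links,
            "dominant_offsite_host": host, "links_hijacked": hijacked,
            "suspicious": bool(scan.movies) and hijacked}

# Constructed sample pages; the example.net/.org hosts are placeholders, not real indicators.
INFECTED = ('<embed src="http://media.example.net/clip.mov" type="video/quicktime">'
            + '<a href="http://login.example.net/index.html">link</a>' * 5)
CLEAN = ('<a href="http://www.myspace.com/friends">Friends</a>'
         '<a href="/photos">Photos</a><a href="http://band.example.org/">My band</a>')

if __name__ == "__main__":
    print(audit_profile(INFECTED))
    print(audit_profile(CLEAN))
```

A page with a single outside link, like the clean sample, is not flagged; only the combination of an embedded movie and a page-wide rewrite of links to one untrusted host is.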

The infected account will also attempt to drum up some business by spamming all the users in the infected user’s contact list. The spam appears to have an attached movie, but it actually redirects you to a porn site where a company called Zango, Inc. takes over. Zango, Inc. was formerly known as 180 Solutions, a company that coincidentally settled for a three million dollar deal with the Federal Trade Commission a month ago in an adware case, in which they were accused of adding software without proper user consent.

There are over 73 million registered users on MySpace and in an unofficial security scan of 150 MySpace users, it was revealed that one third of all the users were infected. That could potentially be some huge numbers. MySpace has reported, however, that they have already shut down all of the infected accounts, so everyone should be safe now.

This isn’t the first time there has been an attack on the MySpace Web service, and in fact, there were a couple of variations of this worm floating around the site as well. On top of taking advantage of the unpatched vulnerabilities, this particular worm was so successful because people think movies are always safe. Well, they obviously aren’t, so keep that in mind. Also, a MySpace account seems to time out quite often, prompting users to log in again from time to time. This makes the QuickTime movie file login seem like it belongs, so unsuspecting users would log right in, coughing up their information to the attackers.

In short, watch what you’re clicking on in MySpace. This holds especially true with any QuickTime .mov files and any suspicious messages from your contacts, complete with links. If MySpace asks for your account login information, be suspicious and recheck the actual address.

Until next week, stay safe out there.

~ Chad Stelnicki
