Worm wriggling through MySpace
Unknown phishers have taken advantage of the Javascript support in Apple's Quicktime Player to spy on IDs and passwords for users of the MySpace online community. Simply viewing a Quicktime video, planted by the phishers, will infect the user's own MySpace profile.
The security vendor Websense reports that the infection is only evident upon close inspection. One effect is that the uppermost menu bar is replaced by one containing links to the phishing site. This brings users to a login screen designed to mimic the authentic MySpace login. Every other MySpace user who surfs to the infected profile is then also infected by the worm. Another identifying characteristic is an empty Quicktime video in the header of the MySpace page.
(trk)