A new worm creeps all over Myspace
Posted on 06.12.2006
Bookmark and Share
Itís great to meet people online and befriend them, to share your thoughts, photographs, movies and much more. Even better when the community website is easy to login to and manage; until your network intermingles with the criminal gangs of the web underground!

Security Experts at MicroWorld Technologies inform that a Worm named ĎWin32.Ofigelí is spreading in large numbers across the world among a 70 million strong user base of the highly successful community portal, Myspace.com. Security experts had long raised concerns about the vast opportunity that websites like Myspace provide to online thieves and criminals, in exploiting their open nature and easy access.

When a member of the community views an infected profile, a Quicktime movie carrying Ofigel Worm is played, which exploits an XSS vulnerability in the network using a Javascript. The Worm then replaces userís Myspace menu with a fraudulent one and the menu items redirect the user to a Phishing website identical to Myspace, where the Username and Password of the victim are captured.

Then the Worm logs onto certain websites to download the malicious Quicktime movie and adds it to the userís profile. When a new user, mostly the victimís contact, watches the movie, his or her computer gets infected and the chain goes on.

As if thatís not enough, Ofigel later harvests the email IDs of victimís contacts and starts sending Spam mails to them with subject lines like: What else is there to do on a Sunday, You better not forget about this, Hehe that was so funny, Better see this one last time lol, Whoís coming to the party tonight, etc. All messages quiet in sync with the youth culture of Myspace.

Myspace officials inform that they are acting to minimize the impact of this worm on users, by identifying the URLs attempting to exploit this vulnerability. Those URLs are being blocked, while the infected profiles being removed.





Spotlight

Attackers use reflection techniques for larger DDoS attacks

Posted on 17 April 2014.  |  Instead of using a network of zombie computers, newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. This approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Apr 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //