Understanding the QuickTime/MySpace Phishing Threat
December 4th, 2006 at 2:00 PM - News by Jeff Gamet
Reports of phishing exploits on MySpace Web pages that host QuickTime files have reached a fever pitch. Unfortunately, most of those reports are slim on details. The potential threat is real, but understanding what it is can help you avoid accidentally giving up your personal information.
What It Is
The phishing threat on MySpace takes advantage of QuickTime's ability to automatically play Web page movies and open URLs. These features are used for legitimate purposes all the time, but they can also be used to redirect someone to an alternate Web page without their knowledge or to run malicious JavaScript code.
In this case, code is being used to trick users into giving up personal information: a phishing scam.
How It Works
Since this threat is being used on the MySpace social networking Web site, you first need to have a MySpace User Profile of your own. If you are logged into MySpace and view a maliciously crafted QuickTime file on someone else's MySpace page, JavaScript code can be added to your MySpace page that makes changes to your user profile.
The malicious QuickTime file can modify your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The file can also copy itself to your account without your interaction.
What You Can Do
Avoid playing QuickTime movies and audio files on MySpace profile pages. Disabling QuickTime's auto-play feature is a good idea, too. Here's how:
- Choose Apple menu > System Preferences to launch System Preferences.
- Select the QuickTime Preferences Pane.
- Click the Browser tab.
- Uncheck Play movies automatically.
[Screenshot: Disable QuickTime's auto-play feature.]