MySpace on Tuesday night began distributing a temporary fix for an Apple QuickTime vulnerability affecting users of the popular social networking site.
Last night, MySpace members using Internet Explorer and running QuickTime received a message from the site's founder Tom Anderson. When users sign up, "Tom" automatically becomes their friend.
"Hey, you're seeing this message because we detected that you have QuickTime on your system," he said in the announcement, posted to users' profile pages. "QuickTime lets you watch movies on your computer. There's been a security problem with QuickTime this weekend and bad guys have been trying to phish accounts exploiting the security hole. You can protect yourself by downloading this patch to your QuickTime - it only takes 30 seconds."
According to published reports, Apple is working on a permanent fix for the problem. A company spokesperson could not immediately be reached for comment today to explain why MySpace was charged with releasing the temporary patch.
Malicious attackers steal these credentials to spam "friends" of the victim in a section on MySpace pages that permit users to leave comments. The messages say generic things such as "what else is there to do on a Sunday" or "omg did you see this last nite." Below the text is a screenshot of a movie that is "spectacularly pornographic," according to Christopher Boyd, director of malware research for FaceTime Communications.
Should users click on the screenshot, they are directed to pornographic site called "Vidchicks" that contains Zango adware, he said. The site's webmaster profits each time someone installs the adware.
Click here to email Dan Kaplan.