Wednesday, March 21, 2007

A New Worm Creeps All Over MySpace

It’s great to meet people online and befriend them, to share your thoughts, photographs, movies, and much more. Even better when the community Web site is easy to log in to and manage; until your network intermingles with the criminal gangs of the Web underground!

Security Experts at MicroWorld Technologies inform that a Worm named ‘Win32.Ofigel’ is spreading in large numbers across the world among a 70 million strong user base of the highly successful community portal, MySpace.com. Security experts have long raised concerns about the vast opportunity that Web sites like MySpace provide to online thieves and criminals in exploiting their open nature and easy access.

When a member of the community views an infected profile, a QuickTime movie carrying the Ofigel worm is played, which exploits an XSS vulnerability in the network using a Java script. The Worm then replaces the user’s MySpace menu with a fraudulent one and the menu items redirect the user to a phishing Web site identical to MySpace, where the username and password of the victim are captured.

Then the Worm logs onto certain Web sites to download the malicious QuickTime movie and adds it to the user’s profile. When a new user, mostly the victim’s contact, watches the movie, his or her computer gets infected and the chain goes on.

As if that’s not enough, Ofigel later harvests the email IDs of a victim’s contacts and starts sending spam mails to them with subject lines like: What else is there to do on a Sunday, You better not forget about this, Hehe that was so funny, Better see this one last time lol, Who’s coming to the party tonight, etc. All messages are quite in sync with the youth culture of MySpace.

“This is just one of the many recent incidents that goes on to prove how multi-tiered and multi-pronged the online threats have become in recent times,” says Sunil Kripalani, Vice President, Global Sales and Marketing, MicroWorld Technologies. “The attack involves a worm, a media player, phishing and spamming. It also gives a clear indication that community Web sites are fast becoming one of the most preferred vectors of malware proliferation.”

MySpace officials inform that they are acting to minimize the impact of this worm on users by identifying the URLs attempting to exploit this vulnerability. Those URLs are being blocked, while the infected profiles being removed.

About the Author
Btv Raj is the Content Writer and Creative Visualizer of MicroWorld Technologies.

No comments: