MySpace Attacked by Flash Worm
A number of personal pages on the social networking site MySpace.com were attacked over the weekend using a security flaw in Macromedia Flash -- a flaw that Adobe released a patch to fix just last week. The worm spreads each time a MySpace user visits an infected user-profile page.
MySpace sent out a notice to all of its users late yesterday, saying the worm only appears to have affected people with vulnerable Flash players. Last week, Security Fix urged readers to upgrade their players to v. 9.0, noting that Adobe had fixed a flaw which could let bad guys hijack your browser if you were to merely browse a Web site that exploits the vulnerability. The Adobe update fixes the vulnerability in The patch fixes the vulnerability Internet Explorer, Firefox, Netscape and Opera.
From the bulletin:
"Latest Update: 05:15PM PST, Monday, July 17th. hey folks - we are moving myspace music players and video players to flash 9.0. flash 9 has security fixes so that people can't mess with you on myspace. if your 'about me' got screwed up this weekend, you could have been safe if you had flash 9 installed. here's an easy way to install it, go watch this dashboard video i posted last week. if you don't like dashboard, just watch any video in our video section, and you'll be prompted to install flash 9."
Bloggers at ChaseandSam.com had warned on Sunday that the attack was under way, saying a social-networking worm was altering users' "About Me" pages to redirect visitors to a Web site blaming the United States for the attacks of Sept. 11, 2001.
The MySpace bulletin doesn't say what else users should do besides upgrade Flash. ChaseandSam.com gives instructions for removing the worm cod: "Visit your Myspace homepage, click on edit profile, remove the lines below from your About Me section (I added some letters to the code so it won't work here, but you shouldn't have any trouble recognizing it on your own pages):
fembed ffallowscriptaccess="fnever" src=
This latest attack won't be the last, either. Over the past few days, I've been communicating with a group of dedicated and talented hackers who are plotting all kinds of mischievous tricks against social networking sites via security weaknesses. Stay tuned.
July 18, 2006; 9:19 AM ET
Categories: Latest Warnings
Save & Share: Previous: EBay Fixes Serious Security Hole in Picture Tool
Next: Hacked Ad Seen on MySpace Served Spyware to a Million
The comments to this entry are closed.