The altered QuickTime video file changes users' profiles when it is played, embeds itself, and creates links to malicious web sites. When other MySpace users visit an affected profile, their own profile also becomes infected.
"The worm does three things," says Alex Dubrovsky of SonicWALL's Security Center. "It finds the user's own profile page through cookies, and then infects the profile, embedding a malicious MOV file; the worm then sends spam messages of a pornographic nature with variable subjects; and also redirects the MySpace login page to a fake page, attempting to steal users' login credentials."
The QSpace worm was first discovered in the wild on Saturday, December 2. On December 4, users of SonicWALL's Unified Threat Management technology received updated signatures designed to protect against this threat. SonicWALL has issued the signatures QSpace (Worm), QSpace.2 (Worm) and QSpace#mov (Worm) for both the JavaScript and QuickTime MOV components of the worm.
SonicWALL has developed unique technologies to deliver zero-day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against new and existing Internet attacks and exploits such as phishing, viruses, DHA or DoS attacks and more.
By SonicWALL