Myspace Phish Attack Leads Users to Zango Content

A while ago on the Spywareguide Blog, I covered a technique being used in Peer to Peer land involving URLs being embedded in QuickTime movies, which would then pop open a website. This has now been taken to the next level, with an intensive and seemingly never-ending Phish attack, the sole aim of which seems to be directing end users to a collection of Zango movies on a pornographic website. The Phish pages are hosted on compromised servers. Presumably the people doing the hacking aren't particularly brilliant at it, because they keep getting found out (an example of them being caught in the act can be seen here).

How does this attack work?

It begins with a QuickTime file being embedded in a Profile page. If the user "runs" the file (simply visiting the infected page is enough to trigger the attack in most cases), it uses the HREF function to activate some JavaScript. HREF?

Linked by shanmuga Sunday, 3rd December 2006 9:15PM