Security Bytes: Phishing worm spreads through MySpace

Phishing worm spreads through MySpace
Here's a concern for enterprises whose employees may be using MySpace on company time:

Phishers are targeting the MySpace community with a worm that exploits the Javascript support within Apple's embedded QuickTime player as well as a MySpace vulnerability, San Diego, Calif.-based Websense Inc. said in an advisory. Attackers are using the flaws to replace legitimate links on the user's MySpace profile with links to a phishing site.

"Once a user's MySpace profile is infected [by viewing a malicious embedded QuickTime video], that profile is modified in two ways," Websense said. "The links in the user's page are replaced with links to a phishing site, and a copy of the malicious QuickTime video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well."

An infected profile can be identified by the presence of an empty QuickTime video or modified links in the MySpace header section, Websense said.

Security researchers warn of new Windows flaw
Attackers could cause a denial of service by exploiting a new flaw in Microsoft Windows, security researchers warned in advisories over the weekend.

According to Danish vulnerability clearinghouse Secunia, the flaw is caused by an error in the handling of "RpcGetPrinterData()" RPC requests within Windows' Print Spooler service (spoolsv.exe). "This can be exploited to consume almost all available memory via a specially crafted packet, which may result in a system crash," Secunia said.

Secunia confirmed the flaw on a fully patched Windows 2000 SP4 system, and said other versions may be affected as well.

Secunia and the French Security Incident Response Team (FrSIRT) recommended users mitigate the threat by restricting access to the service or by disabling the Print Spooler service.

EveryDNS is hit by massive botnet attack
Botnet masters launched a fierce distributed denial-of-service (DDoS) attack over the weekend against Web sites using the free domain name management services of EveryDNS and sister company OpenDNS, which runs the PhishTank anti-phishing initiative. The attack ultimately affected thousands of sites, according to a report in eWeek. While the home page and blog for OpenDNS were knocked down for more than an hour Dec. 1, the company's core DNS resolution service seems to have escaped damage.

Attacks are continuing, but the company has managed to contain it through high-level traffic filtering and modifications at the DNS level, eWeek reported.