funsec mailing list archives

RE: Websense: Malware of the Week: MySpace XSS QuickTime Worm


From: "Hubbard, Dan" <dhubbard () websense com>
Date: Mon, 4 Dec 2006 06:27:43 -0800

FWIW: Same event yes.

Also to clarify..."empty means no video not no code" :-).

Also, we have seen variants that include video and code now.

 

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Juha-Matti Laurio
Sent: Saturday, December 02, 2006 8:20 AM
To: Fergie; funsec () linuxbox org
Subject: Re: [funsec] Websense: Malware of the Week: MySpace XSS
QuickTime Worm

Hmmm, is this the same issue as the Neowin forum issue reported here:
http://linuxbox.org/pipermail/funsec/2006-December/010547.html

Neowin forum thread doesn't mention empty QT videos.

Is this tip useful for the case reported by Websense:
"...so open the quicktime .mov in notepad, look at the binary followed
by "apple text writer plugin"
i.e. to find JS code included.


- Juha-Matti

Fergie <fergdawg () netzero net> wrote: 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another good one from the guys at Websense Labs.

 http://www.websense.com/securitylabs/alerts/alert.php?AlertID=708

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.1 (Build 1557)

wj8DBQFFcP7Kq1pz9mNUZTMRAryYAKDc4THKe/KmsY2ZRuxuPnxwYFiLUQCgwuVR
EYbSXWW0s9MnnMF8F1rKBNw=
=ZqIJ
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet  fergdawg(at)netzero.net  
ferg's tech blog: http://fergdawg.blogspot.com/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
