Hackers ramp up Facebook, MySpace attacks...
February 2008
Hackers are actively exploiting an Internet Explorer plug-in that’s widely used by Facebook Inc. and MySpace.com members with a multi-attack kit, a security company warned Friday. The exploit directed at Aurigma Inc.’s Image Uploader, an ActiveX control used by Facebook, MySpace and other social networking sites to allow members to upload photos to their profiles, is just one of five in a new hacker tool kit being used by several Chinese attack sites, said Symantec Corp. Attacks begin when users receive spam or an instant message with an embedded link, said the Symantec analyst who authored the advisory. The link takes users to a bogus MySpace log-in page, which tries to steal members’ credentials as it also silently probes the their computers for vulnerabilities in Uploader, Apple Inc.’s QuickTime, Windows and Yahoo Music Jukebox. Although the Windows and QuickTime bugs were patched eight and 13 months ago, respectively, the Uploader and Yahoo vulnerabilities were made public and fixed only within the past few weeks. The Symnatec analyst noted the hackers’ fast reaction times. “[This demonstrates] how quickly attackers are leveraging new vulnerabilities,” he said. “It is unlikely that attackers will stop trying to leverage this vulnerability any time soon.” Symantec urged users to update the Image Uploader ActiveX control to Version 4.5.57.1.
Hackers are actively exploiting an Internet Explorer plug-in that’s widely used by Facebook Inc. and MySpace.com members with a multi-attack kit, a security company warned Friday. The exploit directed at Aurigma Inc.’s Image Uploader, an ActiveX control used by Facebook, MySpace and other social networking sites to allow members to upload photos to their profiles, is just one of five in a new hacker tool kit being used by several Chinese attack sites, said Symantec Corp. Attacks begin when users receive spam or an instant message with an embedded link, said the Symantec analyst who authored the advisory. The link takes users to a bogus MySpace log-in page, which tries to steal members’ credentials as it also silently probes the their computers for vulnerabilities in Uploader, Apple Inc.’s QuickTime, Windows and Yahoo Music Jukebox. Although the Windows and QuickTime bugs were patched eight and 13 months ago, respectively, the Uploader and Yahoo vulnerabilities were made public and fixed only within the past few weeks. The Symnatec analyst noted the hackers’ fast reaction times. “[This demonstrates] how quickly attackers are leveraging new vulnerabilities,” he said. “It is unlikely that attackers will stop trying to leverage this vulnerability any time soon.” Symantec urged users to update the Image Uploader ActiveX control to Version 4.5.57.1.
posted by arkietechs at 7:40 AM
0 Comments:
Post a Comment
<< Home