Britney Spears, Apple's Quicktime and New Spam Attacks

The SANS Internet Storm Center says Apple's Quicktime 7.3 update fixed "a number of serious vulnerabilities," including:

The Quicktime flaw wasn't just an idle issue, either. Spammers have been specifically pinpointing softness in Quicktime -- and using Britney Spears as a weapon of attack. The folks at Marshal TRACE report:

The email contains a link to web site that shoots "Obfuscated Javascript" in an IFramewhich, Marshal TRACE says, "detects if, and what versions of, the Apple QuickTime plug-in is installed. Another hidden IFrame is created containing an embedded object that embeds a QuickTime object that exploits an Apple QuickTime RTSP URI Buffer Overflow Vulnerability allowing the attacker to run commands on the victims PC."

The advice they provide: don't click links in unsolicited email, especially containing references to celebrities who have been in the headlines of the day. Well, yeah. That certainly sounds like a no-brainer (at this point, it's probably not even advisable for Britney to click open her own email), until you realize the spammers must keep using this tactic because it works.

Sponsored post