Filed under: Security
QuickTime exploit in the wild, demoed on Second Life
As reported, the RTSP vulnerability in QuickTime was accompanied by working exploit code, accelerating the process of malefactors and miscreants turning it into actual malicious payloads. Symantec & other outlets have since reported that the QuickTime exploit has been seen in the wild; the exploit causes Windows clients to download a secondary malware package.
Meanwhile, security researchers Charlie Miller and Dino Dai Zovi (he of the CanSecWest hacking prize) leveraged the QuickTime vulnerability to demonstrate an attack within the Second Life virtual environment. Since SL uses QuickTime to play video in-game, any player wandering within activation distance of the 'evil movie' can be pwned. Miller and Dai Zovi's demo causes the victim to gesticulate, shout "I've been hacked!" and -- most disturbingly -- send 12 Linden dollars to the attackers' SL account.
The Second Life exploit starts to veer disturbingly towards Snow Crash territory. I don't want to spoil Neal Stephenson's brilliant breakthrough novel for those who haven't read it, so go read it. For the rest of us, doesn't the idea of a 'virus video' that attacks anyone who watches it seem awfully familiar?
[via Mac OS Ken]
Get a WordPress.com Blog
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Turk said 9:41AM on 12-05-2007
This would have been 20 times better if they shouted "You have 7 days" and then Samara shows up.
Reply
Michael Rose said 10:03AM on 12-05-2007
I'll admit I'm not getting the reference.
I was kind of expecting "If this were a virus, I'd be dead right now. Fortunately it isn't. How's my security?"
Leonard Nimrod said 10:17AM on 12-05-2007
@ Michael Rose,
• http://en.wikipedia.org/wiki/Samara_Morgan
• http://www.imdb.com/title/tt0298130/
Dale said 10:30AM on 12-05-2007
You lose points for using Samara and not Sadako.
Original book > Ringu > The Ring.
tim said 12:29PM on 12-05-2007
@Dale
But you gain infinity points for being the coolest guy who reads the site because you know what we -- pop culture followers -- don't.
I WISH I didn't know what the Ring was...
running said 6:30PM on 12-05-2007
the original book is terrible. really. i have never read anything so weird before.
Tony Bowman said 1:43PM on 12-05-2007
Where is Hiro Protagonist when you need him?
also, I keep video and music disabled when i'm in SL. can't stand that stuff blaring.
Reply
artifex said 2:28PM on 12-05-2007
What do people actually do in SL, anyway? Besides all the cyberwhoring and MLM and banking scams we read about?
Reply
thethirdmoose said 6:04PM on 12-05-2007
cecks