QuickTime exploit in the wild, demoed on Second Life


As reported, the RTSP vulnerability in QuickTime was accompanied by working exploit code, accelerating the process of malefactors and miscreants turning it into actual malicious payloads. Symantec and other outlets have since reported that the QuickTime exploit has been seen in the wild; the exploit causes Windows clients to download a secondary malware package.

Meanwhile, security researchers Charlie Miller and Dino Dai Zovi (he of the CanSecWest hacking prize) leveraged the QuickTime vulnerability to demonstrate an attack within the Second Life virtual environment. Since SL uses QuickTime to play video in-game, any player wandering within activation distance of the 'evil movie' can be pwned. Miller and Dai Zovi's demo causes the victim to gesticulate, shout "I've been hacked!" and -- most disturbingly -- send 12 Linden dollars to the attackers' SL account.

The Second Life exploit starts to veer disturbingly towards Snow Crash territory. I don't want to spoil Neal Stephenson's brilliant breakthrough novel for those who haven't read it, so go read it. For the rest of us, doesn't the idea of a 'virus video' that attacks anyone who watches it seem awfully familiar?

[via Mac OS Ken]
