Archive for April, 2008

MySpace, open space for malware

April 24, 2008

MySpace users are being tricked by a pop-up that resembles a Windows Update screen. It appears when you visit specific, specially crafted friends' pages.

Once users click it, malware starts downloading straight to their PCs.

More info here.

S/MIME Processing could trigger automatic HTTP request in Outlook and others

April 8, 2008

An attacker sending a specially crafted (signed) email could make you automatically load a page upon receiving it. At least this seems to be the case with Outlook and some other Office applications, according to this paper by Alexander Klink.

He also provides a proof of concept: send a blank email to smime-http@klink.name and you will receive an example email demonstrating this vulnerability.