- Using Quicktime to Spam in P2P Land
Quicktime's "HREFtracks" feature (a method used to embed url links into moviefiles that will open at a specific point in time) is being used by an enterprising individual to pop open adverts for adult dating services from movie files obtained via P2P Networks. The HREFtrack feature contains URL information that can be opened interactively or automatically, and in this case, files found on the Gnutella network are using this functionality (here's an example of someone getting hit while using Limewire). From the Quicktime site:
In the example we have below, the movie file is called "Sex Monica Bellucci Malena". Of course, opening the movie up reveals something entirely different - what appears to be someone dancing to music:
About three quarters of the way through the clip (once it hits the "trigger"), an affiliate link for Adultfriendfinder.com pops open via your browser (in this case, Firefox):
The observant people out there will have noticed the videoclip in the above screenshot is still at the start - that's simply because by the end of the clip, most of her clothes have fallen off. If you wind the videoclip back and forth with your mouse, you'll continue to repeatedly pop open the same advert manually as you scroll. Of course, the HREFtrack feature is simply doing what it's supposed to do - the interesting thing here is the possibility for someone to use it in a more malicious way. You could pop open a link to a drive-by website that tries to install software without the end-user's permission, or how about a fake "promotional video" for a bank that pops open a "security check" Phishing page? There's a lot of possibilities with this one, and we should probably be thankful that people are currently only using this to spam affiliate links. It probably won't be long until someone pushes the leet hax0r button and things start to go pear-shaped...
Blog Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Vinayak Palankar, Software Engineer