More information on SL hack

More information is being released from people outside of Linden Lab on this exploit.  Symantec has a warning up on this exploit at their site: 

Exploit for Apple QuickTime Vulnerability in the Wild

This definitely looks like a classic two pronged exploit leveraging a weakness in the Quicktime client to redirect a user to a hidden malicious website to silently install exploited code which is then used to execute the SL exploit of transferring L$ and/or objects in world.  I suspect this exploit will be utilized primarily on porn sites rather than within SL.  From this alert, it appears that they only have one confirmed instance of this exploit in the wild at this time. 

It is unfortunate that this has emerged now, as it can only further bruise the image of Second Life if we get this running in-world.  Linden Lab keeps stating that Quicktime is the point of vulnerability, but I suspect that the Second Life client is at least partially at fault here, as it’s after the exploit is executed that the remote controlling of the client is performed.  Hard to tell in the vacuum of information right now on this issue.  We’ll have to see what other information is released by Linden Lab in the weeks to come.  Turning off Quicktime is really going to kill some of the environment of SL in the meantime. 

Look to the end of the above linked article for steps you can take on your computer to lessen your vulnerability to this exploit. 


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s