Britney Spears, Apple's QuickTime and New Spam Attacks
The SANS Internet Storm Center says Apple's QuickTime 7.3 update fixed "a number of serious vulnerabilities," including:
The QuickTime flaw wasn't just an idle issue, either. Spammers have been specifically pinpointing softness in QuickTime -- and using Britney Spears as a weapon of attack. The folks at Marshal TRACE report:
The email contains a link to a web site that shoots "Obfuscated Javascript" in an IFrame which, Marshal TRACE says, "detects if, and what versions of, the Apple QuickTime plug-in is installed. Another hidden IFrame is created containing an embedded object that embeds a QuickTime object that exploits an Apple QuickTime RTSP URI Buffer Overflow Vulnerability allowing the attacker to run commands on the victim's PC."
The advice they provide: don't click links in unsolicited email, especially those containing references to celebrities who have been in the headlines of the day. Well, yeah. That certainly sounds like a no-brainer (at this point, it's probably not even advisable for Britney to click open her own email), until you realize the spammers must keep using this tactic because it works.
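A defensive check for the chain Marshal TRACE describes, written as an added example that is not from the original article or from Marshal TRACE: it scans page markup for hidden IFrames and for embedded media objects whose rtsp:// URI is abnormally long. It assumes the markup has already been de-obfuscated or taken from the rendered DOM; the length threshold, the attribute list and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: illustrative cut-off; tune against rtsp:// URLs seen in your own traffic.
MAX_RTSP_URL_LEN = 256
URL_ATTRS = ("src", "qtsrc", "href", "data", "value")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def is_hidden(attrs):
    """True for zero-sized or CSS-hidden elements."""
    zero = attrs.get("width") in ("0", "0px") or attrs.get("height") in ("0", "0px")
    return zero or bool(HIDDEN_STYLE.search(attrs.get("style", "")))


class LureScanner(HTMLParser):
    """Records hidden IFrames and media objects carrying oversized rtsp:// URIs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "iframe" and is_hidden(a):
            self.findings.append(("hidden-iframe", a.get("src", "")))
        if tag in ("embed", "object", "param"):
            for name in URL_ATTRS:
                url = a.get(name, "")
                if url.lower().startswith("rtsp://") and len(url) > MAX_RTSP_URL_LEN:
                    self.findings.append(
                        ("oversized-rtsp-uri", f"{tag}[{name}] {len(url)} chars"))


def scan(html):
    """Return (finding, detail) tuples for one page of markup."""
    scanner = LureScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples: inert filler only, no working payload.
SUSPICIOUS = ('<iframe src="frame2.html" width="0" height="0"></iframe>'
              '<embed type="video/quicktime" src="sample.mov" '
              'qtsrc="rtsp://media.example/' + "A" * 400 + '">')
BENIGN = ('<iframe src="/ad.html" width="300" height="250"></iframe>'
          '<embed type="video/quicktime" src="clip.mov" '
          'qtsrc="rtsp://media.example/clip.mov">')
```

Calling `scan(SUSPICIOUS)` reports both the hidden IFrame and the oversized URI, while `scan(BENIGN)` returns an empty list; either finding alone is only a signal, since zero-sized IFrames also appear on ordinary pages.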