It seems that Myspace users are the target of a worm that is modifying their Myspace profiles to allow it to spread to other users.

Initially it looks on the face of it like a simple Myspace phishing scam, however as you delve deeper it is a little more complex with a worm using javascript and a malicious Quicktime MOV file to spread.

The worm alters the profile of the Myspace user to inject CSS into the header of the Myspace users page to drop links to a phishing setup hosted on a number of sites, setup to steal details of the Myspace users.

The Myspace profile is also altered to include an embedded MOV file called 'piAF2iuswo.mov', which when the page is viewed with Internet Explorer and potentially Firefox it will be downloaded. The file contains Javascript code that is executed and will download a Javascript file called 'js.js', which then is executed and it is this Javascript that does the work of altering your Myspace profile.

It seems there are a couple of versions of the Quicktime file out there and it is starting to get picked up by Anti-Virus vendors.

To clean up it is recommended that you first ensure that your PC is clean, then reset your Myspace profile to defaults and rebuild. Once done, the resulting Myspace web page source should be checked for signs of the embedded Quicktime file and ensure the Navigation bar does not point to anything other than Myspace.

Add this page to your favorite Social Bookmarking websites