MySpace, which has had its share of controversy this year, has suffered a serious worm attack which exploits the Javascript script code of the Apple QuickTime player to lure users into a phishing trap.
MySpace tries to weed out sex offenders
Nowhere to hide: malware will get you sooner or later, say McAfee
Nike+iPod = Big Brother?
The worm causes users to click on faked links on a MySpace profile which directs them to a phishing site which attempts to get users to enter their MySpace login details.
If they fall into the trap, users download spyware and a malicious embedded Quicktime video.
Other [highlight]MySpace users can then get infected simply by visiting an infected user's profile.[/highlight]
Javascript code and its variants such as AJAX, which execute applications on client computers, is an increasingly important part of the Web 2.0 services revolution, but has been criticised by many security experts as a target for attackers to worm their way into unsuspecting target computers.
MySpace has reportedly asked Apple to fix the Javascript vulnerability in QuickTime.