QuickTime worm uses MySpace to spread

Security researchers warned over the weekend that a QuickTime worm written in JavaScript had started to spread among MySpace users.

The worm, dubbed JS/Quickspace.A by antivirus firm F-Secure and JS.QSpace by security firm Symantec, uses a cross-site scripting flaw in MySpace to execute a JavaScript program embedded in a blank QuickTime movie file. The worm redirects the user to a phishing page made to look like MySpace's login page.

"The case looked like simple MySpace phishing, but it wasn't obvious to us how the profiles were modified," Mikko Hyppönen, chief research officer for F-Secure, stated on the company's research blog. "After investigating a bit further, it seems that we have a MySpace worm on our hands, using a malicious Quicktime MOV file to spread."

MySpace users who give their credentials to the phishing site may find their accounts used for a spam attack that links to a pornographic movie site. Movies viewed on that site could result in Zango adware being installed on a victim's system, according to SpywareGuide.com.

The attack comes as security experts are increasingly warning about the dangers of sites that host user-created content. In particular, features of movie files that allow certain types of scripting have become a popular way to launch malicious software attacks. Web worms that use cross-site scripting flaws on sites such as MySpace are increasingly a worry.

MySpace could not immediately be reached for comment on the attack.