Phishing worm rips through MySpace

A malware-infected video file is plaguing MySpace users

MySpace users are being warned to be on their guard after security experts discovered a malware-infected video file designed to steal personal information from subscribers.

A worm has been embedded in a Quicktime MOV file which, when viewed using Internet Explorer, can enter the user's PC as a JavaScript file (js.js).

The worm alters the user's MySpace page to spread itself, and redirects any attempts to log-in to a plausible looking fake site.

"If your page has been affected you will see a strange blue navigation bar," said Chris Boyd, director of malware research at FaceTime Communications.

"If this is the case, you will need to clean out your profile and check if any of your friends have been infected. If they are, you will continue to be infected most likely via the friends list itself."

FaceTime warned that even when users remove the fake navigation bar from their page, it comes straight back if one of their friends is infected.

"It looks like the friends list is being exploited in much the same way that the Orkut worm used a similar feature to spread," said Boyd.

Once installed the worm sends spam to everyone on the user's contact list. The spam comes with one of the following headers:

better see this one last time lol
Hehe that was so funny
omg did you see this last nite
what else is there to do on a Sunday?
whos coming to the party tonight?
You better not forget about this

The spam contains a fake movie file page which directs anyone clicking on it to a pornography site called Vidchicks, which is loaded with Zango adware. The virus creator presumably receives a bounty for every piece of adware downloaded.

• Browser flaw leaves passwords vulnerable
• Universal hits MySpace with copyright claim
• Windows hit by 'extremely critical' zero-day flaw