Using a link like downloading movies, the new worm leads users to a pornographic site.
Boyd said the new worm has drilled into Apple's vulnerability in QuickTime multimedia software. It all starts when users visit a deeply infected MySpace profile. The worm will automatically download the JavaScript code and insert the menu inside the MySpace profile using a dummy menu.
If the user clicks on any of the options within the dummy menu, they will be directed to a fake login login page on another server. Here, all their login information will be collected by hackers.
In addition, this worm also causes a further harm: It will spread spam to everyone who is on the victim's contact list. Inside the spam there is a link that looks very much like a movie that is eating, but in fact, it leads you to a pornographic website that contains adware.
Although users can remove this worm manually from their profile, only a few hours later, it will be able to return in case their friends are infected. In addition, the worm has just spawned several variations.
MySpace has yet to comment on this information.
Trong Cam