MySpace XSS QuickTime Worm

Websense® Security Labs has confirmed the existence of a worm spreading on the MySpace network. This worm is exploiting the Javascript support within Apple's embedded QuickTime player. This is used in conjunction with a MySpace vulnerability that was announced two weeks ago on the Full-Disclosure mailing list. The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site.

Read the article HERE.