An issue with how QuickTime handles JavaScript in conjunction with a MySpace vulnerability is spreading through the popular social networking site, security firm Websense reports.
The video and the associated script will change links within the infected user's profile to links to phishing sites. In addition, it places itself on the profile in order to infect others. Viewing the video on another's MySpace profile would infect the viewers own, the firm said.