1. Computing

Qspace Javascript Worm Targets MySpace Users

By

December 4, 2006

MySpace users are yet again a victim of another adware attack. Dubbed JS_QSPACE.A by antivirus vendor Trend Micro and JS.Qspace by Symantec, the Javascript worm exploits a cross-site scripting (XSS) vulnerability embedded in a malicious Quicktime .MOV file. Viewing the profile of an affected user results in a redirection to a phishing site, which instructs the visitor to login to view the movie. Once the visitor has supplied their MySpace credentials, their profile is then modified to dish up the same movie and everyone on their contact list is then automatically sent one of the following messages:


  • Hehe that was so funny..
  • You better not forget about this..
  • better see this one last time lol..
  • omg did you see this last nite..
  • what else is there to do on a Sunday.?.......
  • whos coming to the party tonight.?..
  • The message also reportedly includes a pornographic picture which, when clicked, leads to Vidchicks.com, an 'adult' website that also dishes up Zango adware. Links on the MySpace user's header bar are also replaced with links pointing to the phishing site, perpetuating the infection potential.

    Though antivirus vendors are recommending users close all browser windows and scan their systems with up-to-date antivirus software, removing files from the temporary Internet folder isn't the answer. (Though it's a good idea). Rather, affected MySpace users will need to check their profiles and their MySpace pages, removing any embedded HTML tags pointing to almobty.com and www.cake.fi.

    Of course, if you were infected, those on your friends' list likely may have been as well. If so, cleaning up needs to be a team effort. Temporarily remove any infected friends from your friend list until they have also cleaned up their pages.

    1. About.com
    2. Computing
    3. Antivirus Software
    4. Malware Information
    5. Qspace Javascript Worm Targets MySpace Users

    ©2014 About.com. All rights reserved.