This worm attack is used involving a MySpace
vulnerability that was announced two weeks ago. "The vulnerabilities are being used to replace the legitimate links on the user's MySpace profile with links to a phishing site."
Once a user's MySpace profile is infected (by viewing a malicious embedded QuickTime video), that profile is then modified by changing the links in the user's page so that they are linked to a phishing site, and a copy of the malicious QuickTime
video is embedded into the user's site. Any other users who visit this newly-infected profile may have their own profile infected as well."