A worm that is taking advantage of a security hole in QuickTime is spreading on the MySpace website, according to anti-virus firm, F-Secure .

F-Secure has received numerous reports from MySpace users who have suddenly discovered that their profiles have been changed.

After investigating the reports, it was discovered that a worm using a security hole in QuickTime is spreading on the popular social networking website. The worm captures users' login details and changes their personal profiles to link to various phishing websites.

If an Internet Explorer user accesses a manipulated MySpace webpage, a QuickTime file is loaded. The file contains a JavaScript which changes the user's MySpace page. When the user's contacts visit the fake page, the same thing happens to them.

"The final target seems to be to steal MySpace logins in mass quantities," writes F-Secure's director of anti-virus research, Mikko Hyppönen, on the company's blog .

Login details stored

The user's login details are also stored and used to spam other MySpace users, the Spywareguide blog reports.

Graham Cluley, senior technology consultant at security firm Sophos , said although the worm spreads via QuickTime, the media player isn't infecting users as such.

"A link can be embedded in QuickTime and, if malicious, it will take the user to a potentially dangerous website, such as a phishing site. In turn, that malicious website may infect the user with a virus or worm."

Cluley advised users to be aware of what websites they visit, especially if taken to a site by a program such as QuickTime. It is essential for web users to keep their browser, firewall and anti-virus software up to date in order to stay safe online, he added.