F-Secure has received numerous reports from MySpace users who have suddenly discovered that their profiles have been changed.
After investigating the reports, it was discovered that a worm using a security hole in QuickTime is spreading on the popular social networking website. The worm captures users' login details and changes their personal profiles to link to various phishing websites.
"The final target seems to be to steal MySpace logins in mass quantities," writes F-Secure's director of anti-virus research, Mikko Hyppönen, on the company's blog .
Login details stored
The user's login details are also stored and used to spam other MySpace users, the Spywareguide blog reports.
Graham Cluley, senior technology consultant at security firm Sophos , said although the worm spreads via QuickTime, the media player isn't infecting users as such.
"A link can be embedded in QuickTime and, if malicious, it will take the user to a potentially dangerous website, such as a phishing site. In turn, that malicious website may infect the user with a virus or worm."
Cluley advised users to be aware of what websites they visit, especially if taken to a site by a program such as QuickTime. It is essential for web users to keep their browser, firewall and anti-virus software up to date in order to stay safe online, he added.