Worm:JS/Quickspace.A is a worm that is designed to spread through the profile pages of Social Networking website MySpace. Infected pages are modified to contain links to a Phishing site that asks for the user's logon details and an embedded link to a copy of this worm.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
More information on scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
This will then modify the user's MySpace profile page if it exists. It does so by replacing the legitimate MySpace header with a new one. The new header will still contain the menu for different MySpace functions but will be directed to a fake login site.
The profile page will also be modified to contain an embedded link of the MOV file. The embedded links points to the following paths:
Succeeding visits to this profile page will trigger the worm infection.
The fake login page is redirected with the new replaced header that is designed to appear as a legitimate MySpace login site. However, it is a phishing site that asks for the login details of the MySpace user.
Upon clicking on the submit button, the information will be posted on the following site:
Spam messages may also be sent to users who provide their login details. The spam emails have the following details:
Subject - Any one of the following:
- better see this one last time lol..
- Hehe that was so funny..
- omg did you see this last nite..
- what else is there to do on a Sunday.?.......
- whos coming to the party tonight.?..
- You better not forget about this..
- [a pornographic image that links to an adult themed site]