Worm:JS/Quickspace.A is a worm that is designed to spread through the profile pages of Social Networking website MySpace. Infected pages are modified to contain links to a Phishing site that asks for the user's logon details and an embedded link to a copy of this worm.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
This will then modify the user's MySpace profile page if it exists. It does so by replacing the legitimate MySpace header with a new one. The new header will still contain the menu for different MySpace functions but will be directed to a fake login site.
The profile page will also be modified to contain an embedded link of the MOV file. The embedded links points to the following paths:
Succeeding visits to this profile page will trigger the worm infection.
The fake login page is redirected with the new replaced header that is designed to appear as a legitimate MySpace login site. However, it is a phishing site that asks for the login details of the MySpace user.
Upon clicking on the submit button, the information will be posted on the following site:
Spam messages may also be sent to users who provide their login details. The spam emails have the following details:
Subject - Any one of the following: