When a logged-in MySpace user goes to another member's "About me" page affected by the ACTS.Spaceflash worm, they are quietly redirected to a URL that holds a malicious Macromedia Flash file, the security company said in an advisory on Spaceflash Tuesday. That file, in turn, will replace the visitor's own "About me" page with one that is compromised.
"It's an annoyance, at this point, for users, but the capability exists where it can lead to malicious actions and steal sensitive information," said Dean Turner, senior manager of Symantec, which currently rates the Spaceflash threat as low.
Figures were not readily available on the number of MySpace users who were infected by the worm, Turner said.
The worm takes advantage of the way Adobe Systems' Macromedia Flash technology, used to display media on the Internet, handles its action scripting for movies and music.
"Adobe recognized this vulnerability in Flash 8 and fixed it in its latest version, which is why we're urging all members to upgrade to Flash 9," Hemanshu Nigam, the chief security officer of MySpace, said in a statement.
Symantec is advising MySpace users to disinfect their "About me" page by deleting a specific line of code, or to disable their use of JavaScript on MySpace.com to mitigate the problem.
Content uploaded to MySpace and other social-networking sites needs to be validated and vetted by the Web site operators to ensure users do not infect each other, Turner said.
The Spaceflash worm is not the first to hit MySpace. Last fall, it was hit by the Samy worm, which added a million users to the friends list of the worm's author.
