Samy is my hero (not)
Users viewing the infected QuickTime video on Internet Explorer or Firefox found that video had been added to their profile page and that existing links on the profile page had been replaced with fraudulent ones.
Users viewing the infected QuickTime video on Internet Explorer or Firefox (Apple's Safari isn't vulnerable) found that video had been added to their profile page and that existing links on the profile page had been replaced with fraudulent ones. Even if you didn't click the video, the links on the infected profile page might have seduced some users into offering their MySpace login information to a third party by mistake. It is possible that this information could be used for advertising or that this whole experience is just another working proof-of-concept for some larger attack down the road. F-Secure says that it has also seen spam associated with the Quickspace worm, and other security sites are noting an increase in spyware installations, as well.
Who's to blame?