According to Matthew Wollenweber there is another MySpace worm variant on the loose. Was that really a surprise? It uses a phishing attack to request users enter their username and passwords. I haven’t seen the actual vector yet, so I cannot properly analyze it, but the payload is in the URL and if it gets taken down I’ve made a copy here.
There’s no word as to the number of compromises due to the phishing yet as far as I’ve seen. Worms are becoming pretty prevolant on social networking sites lately, huh? Interesting. We’ll see how this plays out but to me this feels like kitten play, and the beginning of much worse things to come.