FRISK Software International

Summary of JS/Quickspace.A
Alias:JS/QSpace, Worm.Win32.Ofigel.a
Discovered: 7 Dec 2006
Definition files: 7 Dec 2006
Jump to:
Brief description
Technical description
Removal Instructions

Brief Description
Quickspace.A is a worm that spreads through MySpace profiles pages by exploiting a feature called HREF track in QuickTime. It modifies links on the infected user's profile pages with links to Phishing websites which tricks people into giving up sensitive information such as log-in credentials.

Users who successfully visited these infected MySpace profile page will activate the infection.

Technical Description
The infected site contains a malicious QuickTime MOV (detected as JS/Quickspace.A) file. When executed, it will run a malicious JavaScript code which replaces a legitimate user's MySpace profile header with the new one. When viewed, the new header is redirected to a fake login page that request for user's login credentials.

Users who provide such information may also receive spam messages with the following details:

Subject - Any one of the following:

better see this one last time lol..
Hehe that was so funny.. 
omg did you see this last nite.. 
what else is there to do on a Sunday.?....... 
whos coming to the party tonight.?.. 
You better not forget about this.. 


[a pornographic image that links to an adult themed site]

Removal Instructions
For general removal instructions please click here.


Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)