HOW TO: Avoid the QuickTime-MySpace Phishing Scam
If you are logged into MySpace and view a maliciously crafted QuickTime file on someone else’s 
MySpace page, then JavaScript code can automatically change your user profile. The malicious QuickTime file can modify your MySpace page by adding links to fake MySpace pages that collect user names and passwords. The Quicktime file can also copy itself to your MySpace page without your interaction.
Technology News: Security: How to Avoid the QuickTime-MySpace Phishing Scam