Myspace-qucktime-zango phishing worm

Several sites are reporting a worm infecting Myspace profiles and attempting to phish passwords through the use of javascript in Quicktime files. The vulnerability sounds similar to the Word URL autolaunch vulnerability or the same problem in Adobe.
An exploited user profile in Youtube will contain a Quicktime file. The Quicktime will likely play without user interaction when they go to the webpage. This will use javascript to open a popunder and also infect your Youtube profile if you have one.
More info is available:
F-Secure Weblog