I got a comment on myspace with the text:
LOL you gotta see the new pics on her profile.
and a link to:
which is a domain in china, registered thusly.
It looks like the standard MySpace login page. Because MySpace is retarded and throws up login pages all the time at you, most users will assume this is valid. I assume at that point it steals your password and propagates the worm.
Perhaps on some machines it installs malware as well?
I’ll skip the pay-attention-to-your-URL’s preaching, and suggest that writing buggy webapps puts your users at risk by teaching them bad habits.