Luckily it was just myspace. Also, I caught it within 20 seconds.
However, looking at how the attack was constructed, I'm disappointed in myspace's security. One of the things we did at Expedia was to strip all HTML from input, except for a couple of very innocuous cases. In other words, a default
no. It looks like Myspace tries to allow HTML except things they know are dangerous. A default
yes. The latter is far less secure.
Buncha amateurs at Myspace I tell you.
There's a first for everything. I once got a virus on an old computer of mine. Once. Now I've been phished.