A Los Angeles teenager has used a self-propagating worm that exploits a scripting vulnerability to make himself the most popular member of community Web site MySpace.com. The attack caused little damage, but security professionals are concerned that it could be used to destroy Web site data or steal private information.

The unknown 19-year-old, who used the name "Samy," put a small bit of code in his user profile on MySpace, a 32-million member site, most of whom are under age 30. Whenever Samy's profile was viewed, the code was executed in the background, adding Samy to the viewer's list of friends and writing at the bottom of their profile, "... and Samy is my hero."

"This is an attack on the users of the Web site, using the Web site itself," said Jeremiah Grossman, chief technical officer at WhiteHat Security.