Create an Account
username: password:
 
  MemeStreams Logo

BetaNews | Cross-Site Scripting Worm Hits MySpace
search
Home Agent Weblogs Social Network Post Help About

Rattle
Picture of Rattle
Rattle's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Rattle's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
  Music
Business
  Tech Industry
  Telecom Industry
Games
Health and Wellness
Holidays
Miscellaneous
  Humor
  MemeStreams
   Using MemeStreams
Current Events
  War on Terrorism
  Elections
Recreation
  Travel
Local Information
  SF Bay Area
   SF Bay Area News
Science
  Biology
  History
  Nano Tech
  Physics
  Space
Society
  Economics
  Futurism
  International Relations
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
  Military
  Security
Sports
Technology
  Biotechnology
  Computers
   Computer Security
    Cryptography
   Cyber-Culture
   PC Hardware
   Computer Networking
   Macintosh
   Linux
   Software Development
    Open Source Development
    Perl Programming
    PHP Programming
   Spam
   Web Design
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!


 
BetaNews | Cross-Site Scripting Worm Hits MySpace
Topic: Computer Security 11:12 pm EDT, Oct 14, 2005

One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, "Samy" had amassed over 1 million friends on the popular online community.

MySpace has gotten hit with the first XSS worm to target social networking sites. Here is some analysis from Acidus:

Basically the worm was XSS embedded in someone’s profile on MySpace. When someone would view the profile, they would execute the Javascript in their own browser. The payload of the XSS was Ajax which would make GET and POST requests to MySpace, adding the XSS Payload to that user’s profile. This spreads the worm!

As with most worms using a new attack vector, this was harmless, adding the message “samy is my hero” to each infected profile along with the XSS payload.

Acidus has also posted the source code of the XSS Payload, and says he plans to post a more detailed analysis later.

BetaNews | Cross-Site Scripting Worm Hits MySpace

Thread [7] - Reply


  
 
Powered By Industrial Memetics		RSS2.0