[FoRK] /. [Cross-Site Scripting Worm Floods MySpace]

Eugen Leitl eugen
Fri Oct 14 09:33:26 PDT 2005


A million pwned machines, that would have fetched a pretty penny.

Link: http://slashdot.org/article.pl?sid=05/10/14/126233
Posted by: Zonk, on 2005-10-14 13:25:00

   DJ_Vegas writes "One clever MySpace user looking to expand his buddy
   list recently figured out how to force others to become his friend,
   and ended up [1]creating the first self-propagating cross-site
   scripting (XSS) worm. In less than 24 hours, 'Samy' had amassed over 1
   million friends on the popular online community. According to
   BetaNews, the worm's code utilized XMLHttpRequest - a JavaScript
   object used in AJAX Web applications - and was spreading at a rate of
   1,000 users every few seconds before MySpace shut down its site.
   Thankfully, the script was written for fun and didn't try to take
   advantage of unpatched security holes in IE to create a massive
   MySpace botnet."

References

   1. http://www.betanews.com/article/CrossSite_Scripting_Worm_Hits_MySpace/1129232391

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


