New MySpace XSS worm circulating
According to Xavier's Security Post, there's a new MySpace worm on the loose, again using various XSS holes in the MySpace online community site. According to Xavier's information:
1) The attack starts with an embedded .swf Flash file.
2) The Flash file uses ActionScript to send a simple GET request to an UNSANITIZED (whew, embarrassing on MySpace’s part) variable by the name of TheName.
3) The GET request in #2 then loads a remote .js script.
4) The remote .js script then uses XML http send commands to execute the malicious part of the worm — changing first, last, and display names with “g0dOfTheN00se” and injects the malicious .swf file into several parts of the profile, including television.
An interesting mechanism combining multiple vulnerabilities together to propagate a worm.
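The unsanitized TheName variable in step 2 is the entry point for the whole chain. As an added illustration (not code from MySpace or from Xavier's post), the JavaScript below contrasts a hypothetical server-side render of that parameter without encoding against one that validates and HTML-encodes it; the function names, the markup and the sample value are assumptions constructed for the example.

```javascript
// Added illustration: renderGreeting* and the markup are hypothetical,
// not MySpace code. Only the parameter name TheName comes from the post.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the five characters that can change HTML context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak: the request parameter is concatenated into markup unchanged,
// so any tag it carries becomes part of the page.
function renderGreetingUnsafe(params) {
  return `<div class="greeting">Hello, ${params.TheName}</div>`;
}

// Allow-list for what a display name may contain (an assumed policy).
const NAME_PATTERN = /^[\p{L}\p{N} .,'_-]{1,64}$/u;

// Hardened: validate on input, then encode on output regardless.
function renderGreetingSafe(params) {
  const raw = typeof params.TheName === "string" ? params.TheName : "";
  const name = NAME_PATTERN.test(raw) ? raw : "guest";
  return `<div class="greeting">Hello, ${escapeHtml(name)}</div>`;
}

// Reports whether rendered markup contains a script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: a name value carrying a remote script reference.
const sample = {
  TheName: '<script src="https://cdn.example.invalid/w.js"></script>',
};

console.log(renderGreetingUnsafe(sample)); // script element survives
console.log(renderGreetingSafe(sample));   // falls back to "guest"
console.log(renderGreetingSafe({ TheName: "O'Brien" })); // quote is encoded
```

Encoding at output is the control that matters here; the allow-list only narrows what reaches it.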
It looks like this is fast becoming a trend. I haven't seen more than a few of these online community and game sites hit; why haven't more been hit? Is it just a matter of time, or is there really no method to spread like this in Orkut (or another site)?
December 18, 2005 in new trends, new worms
Comments
I don't know much about the "technology" of malware (worms, adware, viruses, etc.) but I want to comment on something very nasty that I came across today.
I noticed that Myspace.com was the "top Gainer" on Google's 2005 search hit list so I decided to visit the site. In the games section they had a "feature" game for the day called Crazy Coins. I tried out the game (which was difficult in itself because it was designed to make you download it). Anyway after a few minutes I suddenly got a pop-up saying I had a registry problem and that I needed to run a program called winfixer. The popup was designed to look like a Microsoft system dialogue window. I tried to close the popup but this only led to some other windows and more popups. It was the worst kind of slimy Marketing I have ever come across. Fortunately I seem to have escaped without downloading anything, but I am sure that thousands of people are going to get caught by this.
I guess I should have seen the warning signs that Myspace.com is a treacherous site when I saw one of those horrible flashing spam ads on their home page "Warning - Error X AN error has occurred on your computer".
When I checked out what this "Winfixer" was all about I couldn't find much on the web but it appears to be a VERY SLIMY company that creates deliberate system/registry problems on your computer so that you have to buy their product to get rid of the problems it creates in the first place. There also seems to be another shady subindustry building up around getting rid of Winfixer.
My warning is to beware of both Myspace.com and the very slimy companies it seems to be promoting.
Posted by: Budsy | Jan 11, 2006 8:37:14 PM
Winfixer is a virus. I had it not too long ago and almost had to reinstall Windows. Close the popup. Do not click it at any cost. But anyway, Winfixer is not related to Myspace.com.
Posted by: SlimTim10 | Feb 3, 2006 7:09:40 PM
I heard there will be a lot better security on their new myspace site. Rumor has it that myspace is coming out with a better version of their site on another domain name starting March 1st; it will be another social networking community site with a lot more features. I guess to stay ahead of other sites coming out like myspace.com. Also, I heard it will be called www.FriendWise.com. I guess we'll just have to see if friendwise happens.
Posted by: myspace | Feb 12, 2006 10:51:24 PM
Hey, well something strange happened to me yesterday. I went on myspace just for a couple minutes to see what my viruses were coming from. As soon as I logged off myspace I had 7 new critical viruses. However, my buddy has been using this site for 2 years and hasn't had a single problem. But I'm more than positive it fucked with my computer. Basically I'd like some answers. This site is very fun and cool but I won't use it at the cost of my computer. So if anyone can relate to what I'm talking about email me on alright.
Posted by: josh | May 26, 2006 3:30:39 PM
Rumor has it that http://www.friendsnest.com is coming out with a better version November 20th
Posted by: brian cliff | Oct 5, 2006 12:16:25 AM
I'm beginning to think myspace has caused my computer some serious problems as well. As of today, I cannot even log onto myspace because it says that "The server is redirecting the request for this address in a way that will never complete" and that the problem can sometimes be caused by disabling or refusing to accept cookies. I haven't done anything of the sort.
As of today, my computer has also been shutting down by itself. I've only had my computer for several years and it was doing well previously.
Posted by: Emily | Feb 3, 2007 1:22:38 AM
Does anyone have problems after visiting YouTube? I had my computer one day and after that my computer began kicking out of common pages like Ebay or ESPN. I can get to their home page, yet if I click on any articles it tells me this page cannot be displayed. Can anyone help me?
Thank you
Posted by: shane | Dec 17, 2007 11:25:01 PM