Diminutive XSS Worm Replication Contest
A friend pointed this out to me. Evidently the Sla.ckers.org website is hosting a "Diminutive XSS Worm Replication Contest". Their mission: to see who can write a new XSS worm (like the MySpace one, the recent Orkut one, etc.).
The goal of the contest is to have a functional web worm in as small a package as possible. From the website:
Okay folks, new small challenge - no prize, just an exercise in programming skill and because I want to see the results. After reading over the XSS worm thread I got to thinking. We haven't, to my knowledge, ever had a diminutive worm writing contest. We've done it for JS injection and for pulling in remote JS but not for worms. You can submit your code to this thread directly (I'd prefer it actually so that others can benefit from what you've done). If that's for some reason not acceptable send me your code directly and we can figure something out. Either way the winner's code must be posted in this thread. Actual cutoff to submit is Thursday the 10th of January at 7PM GMT.
Source: Diminutive XSS Worm Replication Contest, from the sla.ckers.org forums.
The crew of the hacker known as Octane [F/X], made up of Octane [F/X], Klay Gomes and Rodrigo Lacerda, has done it once again.
Yesterday they developed a worm that is spreading through Orkut.
The vulnerability is an XSS obtained in the photo albums;
there is no need to click on anything suspicious, just looking at the photo is enough to be infected.
The worm adds you to various communities, leaves scraps for them, posts messages in the communities, adds you as a friend (they only have to accept later), and much more, besides swapping your profile photo for the group's, all without you noticing until you are infected. After that the worm reproduces by infecting your other photos, so whoever looks at them gets infected, and so it spreads across all of Orkut.
To test whether this is true, create any profile.
After that, access the photo infected by Octane [F/X] here.
Use Firefox, because Opera and some versions of IE are still safe, but with Firefox you will be infected.
It is suspected that Octane [F/X] is Sabotai Rox, who last week changed the names of the largest Orkut communities.
As of this date the worm is active and spreading.
The only security measure for now is not to look at photos on Orkut until everything is resolved.
Posted by: RedBlaster | Sep 30, 2008 4:42:10 PM
Although your article comparison sounds interesting, I'm not sure if I could agree with you 100%.
Posted by: TeacherForex | Mar 28, 2009 4:02:10 PM
I just want to let you know that I have benefited from the information here. Thanks a lot.
Posted by: TraderForex | Mar 29, 2009 2:03:14 AM
Thanks for posting about this, I would love to read more...
Posted by: behlize | Dec 24, 2010 6:30:35 PM
There are a lot of motivating views and opinions. I think that you certainly discovered a significant fact...
Posted by: cheap santana tickets | Aug 29, 2011 3:39:11 AM
I guess I am not the only one having all the enjoyment here! Keep up the good work.
Posted by: advice quotes | Sep 14, 2011 8:20:52 AM
This is one of the best blogs I've ever read. I'm absolutely excited to get to read such a well blog. The amount of data that I get is truly great. This is a good masterpiece. I am truly impressed. I would love to read more of your blogs. Please sustain posting. Keep up the good work.
Posted by: hip joint pain | Sep 27, 2011 2:45:29 AM
That blog is really effective for the solution of tech disadvantages and other problems.
Posted by: Christmas Seafood Recipes | Nov 29, 2011 1:41:42 AM
I have gone through your blog it was really very informative. This sort of XSS worm will definitely give us some pointers.
Posted by: Security Gates | Jan 3, 2012 4:10:31 AM
I never get jealous when I see my ex with superstar else, because my parents always taught me to give my used toys to the less chance.
Posted by: immigration lawyer toronto, | Jan 12, 2012 7:34:25 AM
A friend pointed this out to me. Evidently the Sla.ckers.org website is hosting a "Diminutive XSS Worm Replication Contest"
Posted by: Testking 642-813 | Jan 27, 2012 6:52:14 AM
The comments to this entry are closed.