« Writing A Modular Universal XSS Worm | Main
Facebook Worm?
Details are sketchy at this point, but is Facebook undergoing an XSS worm attack?
I checked with my Aunt, and she thinks someone may have stolen her password and hijacked her account to send out those messages to all her friends. My brother got a few of these posted to his wall as well from her Account. I also noticed that her status was changed to, “totally hooked on the crush calculator”.
Source: Are We Seeing the First Facebook “Worm”?, via the blog FacebookAdvice.
The Facebook app in question, Secret Crush, has been implicated in spyware installs, so it's conceivable that this "crush calculator" spam is an XSS worm driving installs. I don't have any evidence to support this, however we know that it's possibly vulnerable, in the same way that Orkut and MySpace have fallen victim to XSS worms.
Around the net:
- The First Reported Facebook Worm/Malware Pops Up - Secret Crush, via Darknet
- My name is Zango, I am spyware and I found Facebook applications, via SecuriTeam
March 28, 2008 in new worms | Permalink
Tell others: digg submit
|
del.icio.us this
|
Reddit
