XSS worm hits Myspace.com
Peter Laborge 2005-10-19
A self-propagating cross-site scripting (XSS) worm affected a million profiles on Myspace.com earlier this month, and security experts are concerned this could be the start of a new trend.

The process began when a Myspace.com user, going by the name of “Samy”, placed JavaScript code in his profile. When other Myspace.com users viewed Samy’s profile, the code would initiate a background request (via Ajax) to add Samy to that user’s friend list, bypassing the usual approval process. The next step in the process made the code self-replicating: it parsed out the code being executed and copied it into the viewing user’s profile. The process would then repeat at the next view of the newly infected user’s profile, according to an interview with Samy on Google Blogoscoped.
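As an added illustration of the defensive side of the process described above (example code written for this article, not anything from SecurityFocus, Myspace or the interview), the following Node.js snippet shows an escape-then-restore allowlist filter for user-submitted profile markup and a simple audit check over stored profiles. The allowed tag list, the suspicious patterns and the sample profiles are assumptions chosen for the example.

```javascript
// Added example (not SecurityFocus's or Myspace's code): an escape-then-restore allowlist
// filter for profile markup, plus a detector for the kind of content the Samy worm relied on
// (script tags, event handlers, javascript: URLs, background XMLHttpRequest calls).
// Everything is escaped first, so only the tags explicitly restored below can be parsed as HTML.

const ALLOWED_BARE_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br']; // assumed allowlist

function escapeHtml(s) {
  return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')
          .replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Returns markup in which only allowlisted tags are live; everything else is inert text.
function sanitizeProfileHtml(input) {
  let out = escapeHtml(input);
  // Restore bare allowlisted tags (<b>, </b>, <br> ...). No attributes survive this step.
  const bare = new RegExp('&lt;(/?)(' + ALLOWED_BARE_TAGS.join('|') + ')&gt;', 'gi');
  out = out.replace(bare, (m, slash, tag) => `<${slash}${tag.toLowerCase()}>`);
  // Restore <a href="..."> only for absolute http(s) URLs from a conservative charset, so
  // javascript: and data: links stay escaped. A stray </a> is ignored by browsers.
  const link = /&lt;a href=&quot;(https?:\/\/[A-Za-z0-9._\/?=#%~-]+)&quot;&gt;/gi;
  out = out.replace(link, (m, url) => `<a href="${url}" rel="nofollow">`);
  return out.replace(/&lt;\/a&gt;/gi, '</a>');
}

// Patterns worth alerting on when auditing stored profiles (names are descriptive only).
const SUSPICIOUS = [
  ['script-tag', /<\s*script/i],
  ['event-handler', /\son[a-z]+\s*=/i],
  ['javascript-url', /javascript\s*:/i],
  ['ajax-call', /XMLHttpRequest|ActiveXObject/i],
  ['self-copy', /innerHTML|outerHTML/i],
];

// Returns the names of the suspicious patterns present in a profile body.
function findSuspiciousMarkup(input) {
  return SUSPICIOUS.filter(([, re]) => re.test(input)).map(([name]) => name);
}

// Constructed sample profiles: one clean, two carrying script that issues a background request.
const SAMPLE_PROFILES = {
  alice: '<b>hello</b> <a href="https://example.com/a">me</a>',
  bob: '<img src=x onerror="go()"><script>var r = new XMLHttpRequest();</script>',
  carol: '<script>var r = new XMLHttpRequest();</script>',
};

// Flags the IDs of profiles whose body matches any suspicious pattern.
function auditProfiles(profiles) {
  return Object.entries(profiles).filter(([, b]) => findSuspiciousMarkup(b).length).map(([id]) => id);
}
```

The regex-based filter is deliberately conservative; a production site should run the same allowlist policy through a real HTML parser rather than pattern matching.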

The spread of the virus limits itself to the Web site and can essentially create a denial-of-service attack, because of the exponential growth of the attacker's friends list, Adam Biviano, a senior systems engineer at Trend Micro Australia, told ZDNet News.

Although the worm is not a risk to other sites, site administrators would be wise to keep a close eye on potential XSS vectors, as the threat from worms that use community sites is only increasing.

Copyright 2006, SecurityFocus