Teen Uses Worm to Promote Site

Ablang

Teen Uses Worm to Promote Site

Manipulation pushes MySpace site to record hits, but raises security
concerns.

Eric Lai, Computerworld
Tuesday, October 18, 2005

Using a self-propagating worm that exploits a scripting vulnerability
common to most dynamic Web sites, a Los Angeles teenager made himself
the most popular member of community Web site MySpace.com earlier this
month. While the attack caused little damage, the technique could be
used to destroy Web site data or steal private information--even from
enterprise users behind protected networks, according to an Internet
security firm.

The unknown 19-year-old, who used the name "Samy," put a small bit of
code in his user profile on MySpace, a 32-million member site, most of
whom are under age 30. Whenever Samy's profile was viewed, the code
was executed in the background, adding Samy to the viewer's list of
friends and writing at the bottom of their profile, "... and Samy is
my hero."

"This is an attack on the users of the Web site, using the Web site
itself," said Jeremiah Grossman, chief technical officer at WhiteHat
Security.

The worm spread by copying itself into each user's profile. Because of
MySpace's popularity--it had 9.5 billion page views in September,
making it the fourth most-popular site on the Web, according to
comScore Media Metrix--the worm spread quickly. On his Web site, Samy
wrote that he released the worm just after midnight on October 4.
Thirteen hours later, he had added more than 2,500 "friends" and
received another 6,400 automated requests to become friends from other
users.

"It didn't take a rocket or computer scientist to figure out that it
would be exponential, I just had no idea it would proliferate so
quickly," Samy said in an e-mail interview posted Friday at Google
Blogoscoped. "When I saw 200 friend requests after the first eight
hours, I was surprised. After 2000 a few hours later, I was worried.
Once it hit 200,000 in another few hours, I wasn't sure what to do but
to enjoy whatever freedom I had left, so I went to Chipotle and
ordered myself a burrito. I went home and it had hit 1,000,000."

Samy also received hundreds of messages from angry MySpace users. He
wasn't contacted by officials from Los Angeles-based MySpace, though
his account was deleted. MySpace was purchased in July by Rupert
Murdoch's News Corp. for $580 million. MySpace representatives didn't
return requests for comment.

Known Vulnerability

The attack depended on a long-known but little-protected vulnerability
called cross-site scripting (XSS). XSS arises because many Web
sites--apart from static sites that use only simple HTML code--are
dynamic, allowing users to manipulate Web site source code.

Web sites and Web browsers such as Internet Explorer and Firefox try
to block such XSS holes, said Grossman. But the vulnerabilities
continue to exist, for which he blames both the browser creators and
the Web site operators.

Standard enterprise network security tools such as firewalls,
antivirus, and Secure Sockets Layer don't thwart XSS and other Web
application attacks because the affected user is already behind his
firewall, said Grossman, whose 14-person firm consults businesses on
how to prevent such attacks.

"The network is pretty locked down. But all of the new attacks are
targeting where nobody is looking--the Web application layer," he
said.

Other Web application-layer break-ins include a case earlier this year
where more than a hundred applicants to Harvard Business School got an
early peek into their admission files by simply modifying the URL
typed into their browser address box. In a more serious phishing
attack last year, someone injected code into SunTrust Banks' Web site
designed to send e-mail from SunTrust's Web site asking account
holders for account details.

Early Example

An early version of an XSS-related vulnerability was discovered in
Hotmail in 2001. That flaw allowed an attacker to send an e-mail with
malformed HTML code to a Hotmail user, whose browser would interpret
the broken commands as legitimate script that would tell the Web site
to steal the user's private information.

Grossman said most such cases go unreported.

While both Firefox and Internet Explorer promise security enhancements
in upcoming versions, Grossman said he doubts they will entirely fix
the XSS problems.

http://www.pcworld.com/news/article/0,aid,123066,tk,dn101805X,00.asp

===
"Computers make it easier to do a lot of things, but most of the things they make it easier to do don't need to be done."
-- Andy Rooney
_________________________________________
Usenet Zone Free Binaries Usenet Server
More than 140,000 groups
Unlimited download
http://www.usenetzone.com to open account
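The mechanism the article describes is stored (persistent) cross-site scripting: text a user saves in a profile is later concatenated into the HTML served to other users, so anything in it that the browser parses as markup runs with the viewer's logged-in session and can issue requests (add a friend, edit a profile) as that viewer. That is why a self-propagating payload could copy itself from viewer to viewer. The example below is added here to make that concrete; it is not the original worm, not MySpace code, and nothing from the article's quoted sources. `addFriend` is a hypothetical page function, the three payloads are constructed, and `containsActiveScript` is a deliberately crude stand-in for "would a browser execute this". It contrasts a blacklist filter of the kind sites used to "block" XSS with context-aware output encoding, and shows why the filter is not enough.

```javascript
// Added illustration of the stored-XSS class behind the Samy worm.
// Constructed example: hypothetical addFriend(), constructed payloads, toy renderers.

// A naive blacklist of the kind that "blocks" XSS by stripping <script> tags.
// It misses markup that runs script without a script tag, and it can be fooled
// by nesting, because it makes only one pass.
function naiveStripScript(profileText) {
  return String(profileText).replace(/<\s*\/?\s*script[^>]*>/gi, "");
}

// Context-aware output encoding for the HTML text context: every character that
// can change the parser's state becomes an entity, so user text stays data.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "/": "&#x2F;" };
  return String(text).replace(/[&<>"'\/]/g, (ch) => map[ch]);
}

// Vulnerable renderer: user-controlled fields are concatenated into HTML after
// a blacklist pass, which is the pattern a stored-XSS worm relies on.
function renderProfileVulnerable(profile) {
  return `<div class="profile"><h1>${profile.name}</h1>` +
    `<p>${naiveStripScript(profile.about)}</p></div>`;
}

// Hardened renderer: same template, but every untrusted field is encoded for the
// context it lands in (HTML text), so "<" can never open a tag.
function renderProfileSafe(profile) {
  return `<div class="profile"><h1>${escapeHtml(profile.name)}</h1>` +
    `<p>${escapeHtml(profile.about)}</p></div>`;
}

// Crude detector standing in for the browser: flags a live <script> element or
// any element carrying an on* event-handler attribute. Good enough for the demo.
function containsActiveScript(html) {
  return /<script\b/i.test(html) || /<[^>]+\son\w+\s*=/i.test(html);
}

// Constructed payloads (hypothetical, not the original worm):
//  1. the textbook <script> vector, which the blacklist does catch;
//  2. an event handler on an <img>, which needs no script tag at all;
//  3. a nested tag that the one-pass blacklist reassembles into <script>.
const payloads = [
  { name: "Samy", about: '... and <script>addFriend("samy")</script> is my hero' },
  { name: "Samy", about: "<img src=\"x\" onerror=\"addFriend('samy')\"> is my hero" },
  { name: "Samy", about: '<scr<script>ipt>addFriend("samy")</scr</script>ipt> is my hero' },
];

// For each payload, report whether the rendered page would execute script under
// the vulnerable renderer and under the hardened one.
function evaluate() {
  return payloads.map((p) => ({
    vulnerableExecutes: containsActiveScript(renderProfileVulnerable(p)),
    safeExecutes: containsActiveScript(renderProfileSafe(p)),
  }));
}

console.table(evaluate());
```

Running it shows the blacklist stopping only the first payload, while the encoded output is inert for all three. The general lesson matches Grossman's point in the article: the fix belongs in the application, at the point where untrusted data is written into a page, not in the network perimeter, and it has to be encoding for the output context rather than pattern-matching for known bad strings.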
 
Laura Fredericks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> The unknown 19-year-old, who used the name "Samy," put a small
> bit of code in his user profile on MySpace, a 32-million
> member site, most of whom are under age 30. Whenever Samy's
> profile was viewed, the code was executed in the background,
> adding Samy to the viewer's list of friends and writing at the
> bottom of their profile, "... and Samy is my hero."
>
> "When I saw 200 friend requests after the first eight hours, I
> was surprised. After 2000 a few hours later, I was worried.
> Once it hit 200,000 in another few hours, I wasn't sure what
> to do but to enjoy whatever freedom I had left, so I went to
> Chipotle and ordered myself a burrito.

ROFLMAO! Is that a great quote, or what? :-D

P.S. Samy is my hero, too.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ8zjz6RseRzHUwOaEQIMMQCfVAd5VmaZQ8ss3JkP4msOcBCW280AoILt
w3o3s/a+DAGfJVPnTlZHf5Hs
=MASR
-----END PGP SIGNATURE-----

--
Laura Fredericks
4Q's "wicked evil bitch of satire, parody, humor and trollism"

PGP key ID - DH/DSS 2048/1024: 0xC753039A

alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.
 
David H. Lipman

|
| ROFLMAO! Is that a great quote, or what? :-D
|
| P.S. Samy is my hero, too.
|
| -----BEGIN PGP SIGNATURE-----
| Version: PGP 8.1
|
| iQA/AwUBQ8zjz6RseRzHUwOaEQIMMQCfVAd5VmaZQ8ss3JkP4msOcBCW280AoILt
| w3o3s/a+DAGfJVPnTlZHf5Hs
| =MASR
| -----END PGP SIGNATURE-----
|

Definitely !!!
 