Teen uses worm to boost ratings on MySpace.com
It did little damage but could point to broader vulnerabilities, says a security expert
Computerworld - Using a self-propagating worm that exploits a scripting vulnerability common to most dynamic Web sites, a Los Angeles teenager made himself the most popular member of community Web site MySpace.com earlier this month. While the attack caused little damage, the technique could be used to destroy Web site data or steal private information -- even from enterprise users behind protected networks, according to an security services firm.
The unknown 19-year-old, who used the name "Samy," put a small bit of code in his user profile on MySpace, a 32-million-member site, most of whom are under age 30. Whenever Samy's profile was viewed, the code was executed in the background, adding Samy to the viewer's list of friends and writing at the bottom of their profile, "... and Samy is my hero."
"This is an attack on the users of the Web site, using the Web site itself," said Jeremiah Grossman, chief technical officer at Santa Clara, Calif.-based WhiteHat Security Inc.
The worm spread by copying itself into each user's profile. Because of MySpace's popularity -- it had 9.5 billion page views in September, making it the fourth most popular site on the Web, according to comScore Media Metrix -- the worm spread quickly. On his Web site http://namb.la/popular/, Samy wrote that he released the worm just after midnight on Oct. 4. Thirteen hours later, he had added more than 2,500 "friends" and received another 6,400 automated requests to become friends from other users.
"It didn't take a rocket or computer scientist to figure out that it would be exponential, I just had no idea it would proliferate so quickly," Samy said in an e-mail interview posted Friday at Google Blogoscoped. "When I saw 200 friend requests after the first 8 hours, I was surprised. After 2,000 a few hours later, I was worried. Once it hit 200,000 in another few hours, I wasn't sure what to do but to enjoy whatever freedom I had left, so I went to Chipotle and ordered myself a burrito. I went home and it had hit 1,000,000."
Samy also received hundreds of messages from angry MySpace users. He wasn't contacted by officials from Los Angeles-based MySpace, though his account was deleted. MySpace was purchased in July by Rupert Murdoch's News Corp. for $580 million. MySpace didn't return requests to comment.
The attack depended on a long-known but little-protected vulnerability called cross-site scripting (XSS). XSS arises because many Web sites -- apart from static sites that use only simple HTML code -- are dynamic, allowing users to manipulate Web site source
- Deep Security +VMware vSphere with Operations Management Most midsize organizations are highly virtualized on VMware, and while this has produced significant savings, it also has created new challenges when it...
- 3 Questions to Ask Your DNS Host about Lowering DDoS Risks Neustar has had wide-ranging conversations with clients wanting to know how they can optimize protection as DDoS attacks increase in frequency and size.
- The Danger Deepens: 2014 Neustar Annual DDoS Attacks and Impact Report This report compares DDoS findings from 2013 to 2012, based on a survey of 440 North American companies, including 139 businesses delivering technology...
- DDoS Infographic: How Are Attacks Evolving? For the third consecutive year, Neustar surveyed businesses across major industries to track the evolution of DDoS attacks. Are they more frequent? Larger?...
- How to Use Crowd-Sourced Threat Intelligence to Stop Malware in its Tracks Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those...
- An Incident Response Playbook: From Monitoring to Operations As cyber-attacks grow more sophisticated, many organizations are investing more into incident detection and response capabilities. In this webcast, learn how to develop... All Malware and Vulnerabilities White Papers | Webcasts