Samy worm creator hopes to be online again
Creator of early Web 2.0 malware says he means to use his powers for good
IDG News Service - If Samy Kamkar plays his cards right, he may be allowed to visit MySpace again in just a few months. For the time being, however, he's not even allowed to touch a computer, following a January 2007 guilty plea for creating what many consider to be the first Web 2.0 worm: the Samy worm.
Samy's worm wasn't malicious, but it did force News Corp.'s MySpace social-networking site to shut down in late 2005 after forcing more than 1 million users to declare Samy a "hero" on their profile pages.
Last week, Samy, who is now 21, made his first public appearance since his conviction, attending the OWASP App Sec 2007 conference, hosted by eBay, in San Jose, California. He was treated like a celebrity at the show, but there were some complications. Under the terms of his plea agreement, he can only use computers for work, so he was forced to show slides that he'd dictated to a friend on a computer that was operated by a conference staffer.
It's not easy being a computer geek cut off from computers, but if Samy remains a model parolee, he could be allowed to use computers again in a couple of months. He talked to IDG News Service about what life has been like since his arrest and what he plans to do as soon as he's online again.
IDGNS: What were you thinking when you wrote the Samy worm?
Kamkar: When I wrote the worm, it initially wasn't a worm. Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?' I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.
IDGNS: How hard was it to write the worm?
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!