Samy (XSS)
From Wikipedia, the free encyclopedia
Samy (also known as JS.Spacehero)[1] was a cross-site scripting virus[2] developed to propagate across the MySpace social-networking site. At the time of release it gained significant media attention.
MySpace filed a lawsuit against the virus's creator, Samy Kamkar. On January 31, 2007, he entered a plea agreement to a felony charge.[3] As a result, Kamkar was sentenced to three years' probation, 90 days of community service and an undisclosed amount of restitution.
The virus carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, the payload would be planted on their own page. Within just 20 hours[4] of its October 4, 2005 release, over one million users had run the payload,[5] making Samy one of the fastest-spreading viruses of all time.[6]
Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim.
References
- [1] JS/Spacehero-A, Sophos threat analysis. Sophos.
- [2] Alcorn, Wade (2005-09-25). The Cross-site Scripting Virus. BindShell.Net.
- [3] Mann, Justin (2007-01-31). MySpace speaks about Samy Kamkar's sentencing. Techspot.com.
- [4] MySpace Worm Explanation.
- [5] Cross-Site Scripting Worm Floods MySpace. Slashdot.
- [6] http://www.whitehatsec.com/downloads/WHXSSThreats.pdf