[WEB SECURITY] MySpace Flash worm

Jeremiah Grossman jeremiah at whitehatsec.com
Mon Jul 17 12:16:30 EDT 2006

Some bloggers [1] are reporting that a new MySpace worm is making the
rounds. This one looks like it's based on Flash with some AJAX-looking
ActionScript code embedded [2].

"Somebody has managed to hack Myspace.com with a flash based redirect  
that exploits what is apparently a gaping wide hole in the Myspace  
code. If you are signed into Myspace, and you go to a friend's page,
and then find yourself redirected to a blog post containing a  
diatribe about how the United States government is behind the 9/11  
attacks, then your account has been hacked, and everyone who visits  
your page will be infected!! Yes, it’s true, at least for now -  
everybody who visits an infected profile while signed into their  
Myspace account will have their page hijacked!" [3]

[1] Myspace Hack Spreading

[2] How the myspace SWF hack worked

[3] Myspace Hack spreading like wildfire: SPAIRLKAIFS


Jeremiah Grossman
Founder and CTO
WhiteHat Security