[WEB SECURITY] MySpace Flash worm

Will Jefferies wjefferies at fncinc.com
Mon Jul 17 17:05:42 EDT 2006


A friend of mine alerted me to the worm after he hit it yesterday.  The
interesting part is that Symantec antivirus already catches it.  

Will

-----Original Message-----
From: Jeremiah Grossman [mailto:jeremiah at whitehatsec.com] 
Sent: Monday, July 17, 2006 11:17 AM
To: Web Security
Subject: [WEB SECURITY] MySpace Flash worm

Some bloggers [1] are reporting that a new MySpace worm is making the  
rounds. This one looks like its based on Flash with some AJAX looking  
ActionScript code embedded [2].

"Somebody has managed to hack Myspace.com with a flash based redirect  
that exploits what is apparently a gaping wide hole in the Myspace  
code. If you are signed into Myspace, and you go to a friends page,  
and then find yourself redirected to a blog post containing a  
diatribe about how the United States government is behind the 9/11  
attacks, then your account has been hacked, and everyone who visits  
your page will be infected!! Yes, it's true, at least for now -  
everybody who visits an infected profile while signed into their  
Myspace account will have their page hijacked!" [3]


Myspace Hack Spreading
http://seoblackhat.com/2006/07/16/myspace-hack-spreading/

How the myspace SWF hack worked
http://kinematictheory.phpnet.us/

Myspace Hack spreading like wildfire: SPAIRLKAIFS
http://chaseandsam.com/2006/07/myspace-hack-spreading-like-wildfire.html



Regards,

Jeremiah Grossman
Founder and CTO
WhiteHat Security
www.whitehatsec.com
------------------------------------------------------------------------
----
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Confidentiality Notice: This message is for the sole use of the intended recipient(s).
It may contain confidential or proprietary information and may be subject to the
attorney-client privilege or other confidentiality protections. If this message was
misdirected, neither FNC Holding Company, Inc. nor any of its subsidiaries waive any
confidentiality, privilege, or trade secrets. If you are not a designated recipient,
you may not review, print, copy, retransmit, disseminate, or otherwise use this message. 
If you have received this message in error, please notify the sender by reply e-mail 
and delete this message.

----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list