Samy (computer worm): Difference between revisions
r |
No edit summary |
||
| Line 2: | Line 2: | ||
'''Samy''' (also known as '''JS.Spacehero''') is a [[XSS worm]] that was designed to propagate across the [[MySpace]] social-networking site written by [[Samy Kamkar]]. Within just 20 hours<ref name="namb.la">{{cite web|url=http://namb.la/popular/tech.html|title=MySpace Worm Explanation}}</ref> of its October 4, 2005 release, over one million users had run the payload<ref>{{cite web|url=http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&tid=95&tid=220|publisher=[[Slashdot]]|title=Cross-Site Scripting Worm Floods MySpace}}</ref> making Samy the fastest spreading [[Computer virus#Cross-site scripting virus|virus]] of all time.<ref>http://net-security.org/dl/articles/WHXSSThreats.pdf</ref> |
'''Samy''' (also known as '''JS.Spacehero''') is a [[XSS worm]] that was designed to propagate across the [[MySpace]] social-networking site written by [[Samy Kamkar]]. Within just 20 hours<ref name="namb.la">{{cite web|url=http://namb.la/popular/tech.html|title=MySpace Worm Explanation}}</ref> of its October 4, 2005 release, over one million users had run the payload<ref>{{cite web|url=http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&tid=95&tid=220|publisher=[[Slashdot]]|title=Cross-Site Scripting Worm Floods MySpace}}</ref> making Samy the fastest spreading [[Computer virus#Cross-site scripting virus|virus]] of all time.<ref>http://net-security.org/dl/articles/WHXSSThreats.pdf</ref> |
||
The worm itself was relatively harmless, it carried a [[Payload (software)|payload]] that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability, however |
The worm itself was relatively harmless, it carried a [[Payload (software)|payload]] that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability, however two MySpace profiles still display evidence of the worm to this day<ref>{{cite web|url=http://www.google.com/search?hl=en&safe=off&q=%22samy+is+my+hero%22+site:myspace.com|publisher=[[Google]]|title=Google search for "Samy is my hero" on myspace.com}}</ref> altough it seems (because of upper/lower case differences) the string was put there intentionally by the users as opposed to the actual worm itself. |
||
[[Samy Kamkar]], the author of the worm, was raided by the [[United States Secret Service]] and [[Electronic Crimes Task Force]] in 2006 for releasing the worm.<ref>http://lists.owasp.org/pipermail/owasp-losangeles/2008-December/000037.html</ref> He entered a [[plea agreement]] on January 31, 2007 to a [[felony]] charge.<ref>{{cite web|publisher=Techspot.com|title=MySpace speaks about Samy Kamkar's sentencing|first=Justin|date=2007-01-31|last=Mann|url=http://www.techspot.com/news/24226-myspace-speaks-about-samy-kamkars-sentencing.html}}</ref> The action resulted in Kamkar being sentenced to three years [[probation]] without computer use, 90 days [[community service]], and an undisclosed amount of restitution. |
[[Samy Kamkar]], the author of the worm, was raided by the [[United States Secret Service]] and [[Electronic Crimes Task Force]] in 2006 for releasing the worm.<ref>http://lists.owasp.org/pipermail/owasp-losangeles/2008-December/000037.html</ref> He entered a [[plea agreement]] on January 31, 2007 to a [[felony]] charge.<ref>{{cite web|publisher=Techspot.com|title=MySpace speaks about Samy Kamkar's sentencing|first=Justin|date=2007-01-31|last=Mann|url=http://www.techspot.com/news/24226-myspace-speaks-about-samy-kamkars-sentencing.html}}</ref> The action resulted in Kamkar being sentenced to three years [[probation]] without computer use, 90 days [[community service]], and an undisclosed amount of restitution. |
||
Revision as of 06:11, 29 September 2015
Samy (also known as JS.Spacehero) is a XSS worm that was designed to propagate across the MySpace social-networking site written by Samy Kamkar. Within just 20 hours[1] of its October 4, 2005 release, over one million users had run the payload[2] making Samy the fastest spreading virus of all time.[3]
The worm itself was relatively harmless, it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability, however two MySpace profiles still display evidence of the worm to this day[4] altough it seems (because of upper/lower case differences) the string was put there intentionally by the users as opposed to the actual worm itself.
Samy Kamkar, the author of the worm, was raided by the United States Secret Service and Electronic Crimes Task Force in 2006 for releasing the worm.[5] He entered a plea agreement on January 31, 2007 to a felony charge.[6] The action resulted in Kamkar being sentenced to three years probation without computer use, 90 days community service, and an undisclosed amount of restitution.
References
- ^ "MySpace Worm Explanation".
- ^ "Cross-Site Scripting Worm Floods MySpace". Slashdot.
- ^ http://net-security.org/dl/articles/WHXSSThreats.pdf
- ^ "Google search for "Samy is my hero" on myspace.com". Google.
- ^ http://lists.owasp.org/pipermail/owasp-losangeles/2008-December/000037.html
- ^ Mann, Justin (2007-01-31). "MySpace speaks about Samy Kamkar's sentencing". Techspot.com.