Worm.JS.Spacehero.A
VERY HIGH
MEDIUM
4015 bytes
(Net-Worm.JS.Spacehero.a, JS.Spacehero, JS/Spacehero.A worm, JS/Spacehero.A, JS/Spacehero.A!worm, Script.Spacehero.A, JS/Hero.A)
Symptoms
While browsing on myspace.com in the list of heroes that belongs to the Interest section, a new entry is added : "but most of all, samy is my hero."
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Daniel Chipiristeanu, virus researcher
Technical Description:
The worm uses
XSS (
Cross-site scripting) to propagate itself on the
myspace social networking website (
www.myspace.com).
It approaches different techniques to avoid the security system of the website, building its own code, in order to circumvent the already fixed vulnerabilities in the website. After that, the worm adds a specific profile to the friends page of the infected profile and puts its own code in the
list of heroes that belongs to the
Interest section, accompanied by a new entry : "
but most of all, samy is my hero.". Considering this, when another user visited the infected profile, it would get infected too; this helped the worm become one of the fastest-spreading worms on the Internet.
At the time of analysis, MySpace fixed its security issue and the worm isn't active anymore.
SHARE
THIS ON