My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Worm.JS.Spacehero.A

VERY HIGH
MEDIUM
4015 bytes
(Net-Worm.JS.Spacehero.a, JS.Spacehero, JS/Spacehero.A worm, JS/Spacehero.A, JS/Spacehero.A!worm, Script.Spacehero.A, JS/Hero.A)

Symptoms

While browsing on myspace.com in the list of heroes that belongs to the Interest section, a new entry is added : "but most of all, samy is my hero."

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Daniel Chipiristeanu, virus researcher

Technical Description:

The worm uses XSS (Cross-site scripting) to propagate itself on the myspace social networking website (www.myspace.com).

It approaches different techniques to avoid the security system of the website, building its own code, in order to circumvent the already fixed vulnerabilities in the website. After that, the worm adds a specific profile to the friends page of the infected profile and puts its own code in the list of heroes that belongs to the Interest section, accompanied by a new entry : "but most of all, samy is my hero.". Considering this, when another user visited the infected profile, it would get infected too; this helped the worm become one of the fastest-spreading worms on the Internet.
At the time of analysis, MySpace fixed its security issue and the worm isn't active anymore.