Samy (XSS)

Samy (also known as JS.Spacehero) [http://www.sophos.com/virusinfo/analyses/jsspaceheroa.html JS/Spacehero-A, Sophos threat analysis, Sophos] was an XSS worm developed to propagate across the MySpace social-networking site. At the time of release it gained significant media attention.

MySpace filed a lawsuit against the virus creator, Samy Kamkar. He entered a plea agreement on January 31, 2007, to a felony charge. [http://www.techspot.com/news/24226-myspace-speaks-about-samy-kamkars-sentencing.html MySpace speaks about Samy Kamkar's sentencing, Justin Mann, Techspot.com, 2007-01-31] The action resulted in Kamkar being sentenced to three years' probation, 90 days' community service and an undisclosed amount of restitution.

The virus carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours [http://namb.la/popular/tech.html MySpace Worm Explanation] of its October 4, 2005 release, over one million users had run the payload, [http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&tid=95&tid=220 Cross-Site Scripting Worm Floods MySpace, Slashdot] making Samy one of the fastest-spreading viruses of all time. [http://net-security.org/dl/articles/WHXSSThreats.pdf]

Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim.
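
The behaviour described above leaves a recognisable trace in activity logs: a profile view followed within seconds by a friend request and an edit to the viewer's own profile. The Python code below is an added example, not part of the original article or of any MySpace tooling; it runs that check over constructed events and rebuilds the chain of infection. The event schema, the action names and the 5-second window are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, actor, action, target)
EVENTS = [
    ("2005-10-04T12:00:05", "alice", "profile_view", "samy"),
    ("2005-10-04T12:00:06", "alice", "friend_request", "samy"),
    ("2005-10-04T12:00:07", "alice", "profile_update", "alice"),
    ("2005-10-04T12:03:10", "bob", "profile_view", "alice"),
    ("2005-10-04T12:03:11", "bob", "friend_request", "samy"),
    ("2005-10-04T12:03:12", "bob", "profile_update", "bob"),
    ("2005-10-04T12:04:00", "carol", "profile_view", "bob"),
    ("2005-10-04T12:04:01", "carol", "friend_request", "samy"),
    ("2005-10-04T12:04:02", "carol", "profile_update", "carol"),
    ("2005-10-04T12:10:00", "dave", "profile_view", "erin"),
    ("2005-10-04T12:30:00", "dave", "friend_request", "erin"),  # human-paced
]

def find_worm_chains(events, window_s=5):
    """Return (victim, viewed_profile, request_target) for each view followed,
    within window_s seconds, by a friend request AND a self profile update."""
    by_actor = defaultdict(list)
    for ts, actor, action, target in events:
        by_actor[actor].append((datetime.fromisoformat(ts), action, target))
    chains = []
    for actor, evs in by_actor.items():
        evs.sort()
        for i, (t0, action, viewed) in enumerate(evs):
            if action != "profile_view":
                continue
            limit = t0 + timedelta(seconds=window_s)
            later = [(a, tgt) for t, a, tgt in evs[i + 1:] if t <= limit]
            requests = [tgt for a, tgt in later if a == "friend_request"]
            updated = any(a == "profile_update" and tgt == actor for a, tgt in later)
            if requests and updated:
                chains.append((actor, viewed, requests[0]))
    return chains

def infection_path(chains, victim):
    """Walk back from a victim through the profiles that infected each hop."""
    source = {v: viewed for v, viewed, _ in chains}
    path, seen = [victim], {victim}
    while path[-1] in source and source[path[-1]] not in seen:
        path.append(source[path[-1]])
        seen.add(path[-1])
    return path

def common_request_target(chains):
    return Counter(target for _, _, target in chains).most_common(1)
```

A single account receiving every automated friend request, as `common_request_target` reports here, is the signal that points responders to the profile where cleanup should start.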

External links

* [http://ha.ckers.org/blog/20070319/samy-worm-analysis/ Samy Worm Analysis]
* [http://blog.outer-court.com/archive/2005-10-14-n81.html An interview with Samy]
* [http://web.archive.org/web/20060208182348/namb.la/popular/tech.html Technical explanation of the MySpace worm]
* [http://it.slashdot.org/it/05/10/14/126233.shtml?tid=172&tid=95&tid=220 slashdot.org discussion]
* [http://www.scmagazine.com.au/news/45262,myspace-superworm-creator-sentenced-to-probation-community-service.aspx Information on Samy Kamkar case]


Wikimedia Foundation. 2010.
