Do you have a question? Post it now! No Registration Necessary. Now with pictures!
December 7, 2006, 6:52 pm
rate this thread
=BB Write To Editor
=BB Digg Worm Hits MySpace
The payload redirects users to another site and isn't malicious. But in
light of the social networking site's rapidly rising popularity, some
security watchers are wondering if a malicious worm is the next step.
By Gregg Keizer
Jul 17, 2006 02:17 PM
users' profiles that redirects visitors to a site claiming the U.S.
government was behind the 9/11 terrorist attacks, a security company
The unnamed worm isn't malicious, said Symantec researchers, but the
malformed Shockwave Flash (.swf) file containing the payload embeds
"This script code would then be interpreted by any user who visited the
site, allowing sensitive data to be stolen, such as a hash value
required to carry out operations as a user," said Symantec. Currently,
profiles on the popular social network site.
An independent researcher has dissected the .swf file and commented on
the code; his analysis is available here.
MySpace, which recently was dubbed the most visited site on the
Internet, has been attacked in the past by scripts with similar methods
of spreading, Symantec noted.
The Cupertino, Calif. security giant warned that this attack was just a
step away from something much more serious, in large part because of
the social network's rising popularity.
"If the payload were malicious, such as being used to carry out a
secondary attack involving one of the recently discovered patched or
unpatched vulnerabilities affecting Microsoft Office content, the
impact could [have been] extremely high," Symantec's warning went.
Last week, MySpace was used to spread adware created by Zango, the
company formerly known as 180solutions.
- » MySpace Shuts Down User Profiles Due To Worm Infection
- — Previous thread in » General Computer Security