[WEB SECURITY] MySpace Flash worm

[Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>]

Some bloggers [1] are reporting that a new MySpace worm is making the  
rounds. This one looks like its based on Flash with some AJAX looking  
ActionScript code embedded [2].

"Somebody has managed to hack Myspace.com with a flash based redirect  
that exploits what is apparently a gaping wide hole in the Myspace  
code. If you are signed into Myspace, and you go to a friends page,  
and then find yourself redirected to a blog post containing a  
diatribe about how the United States government is behind the 9/11  
attacks, then your account has been hacked, and everyone who visits  
your page will be infected!! Yes, it’s true, at least for now -  
everybody who visits an infected profile while signed into their  
Myspace account will have their page hijacked!" [3]


Myspace Hack Spreading
http://seoblackhat.com/2006/07/16/myspace-hack-spreading/

How the myspace SWF hack worked
http://kinematictheory.phpnet.us/

Myspace Hack spreading like wildfire: SPAIRLKAIFS
http://chaseandsam.com/2006/07/myspace-hack-spreading-like-wildfire.html



Regards,

Jeremiah Grossman
Founder and CTO
WhiteHat Security
www.whitehatsec.com
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]