Contributors

Jeremiah Grossman
(WhiteHat Security)

Ofer Shezaf
(Breach Security) [Project Leader]

The Web Hacking Incidents Database
Last update: 17 February 2008

List of Incidents for a Classification

Please note that classifications are a new feature and not all WHID entries have been classified yet. The number of entries returned for a classification is therefore a lower bound: WHID may hold further records matching that classification which have not been classified so far. We hope to complete the classification process soon.

Available classifications: Attack Method, Country, Location, Origin, Outcome, Software, Vertical

Criteria for classification "Outcome": Blackmail, Chaos, Deceit, Defacement, Disclosure Only, Downtime, Extortion, Identity Theft, Information Warfare, Leakage of Information, Link Spam, Loss of Sales, Monetary Loss, Phishing, Planting of Malware, Political Defacement, Spam, Worm


List of incidents for which Outcome is Worm
3 incidents listed
WHID 2007-69: The Orkut XSS Worm
Reported: 19 December 2007
Occurred: 19 December 2007

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Country: USA
  • Outcome: Worm
  • Vertical: Internet

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected more than 650,000 Orkut users.


WHID 2006-37: MySpace Hack Spreading
Reported: 24 July 2006
Occurred: 16 July 2006

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Outcome: Worm

MySpace seems to be a haven for XSS worms. This one is even more interesting because the JavaScript is carried inside an embedded Flash file, and because it combines the popular political-defacement trend with a high-level application-layer exploit.


WHID 2005-11: XSS Worm Hits MySpace
Reported: 08 November 2005
Occurred: 10 April 2005

Classifications:

  • Attack Method: Cross Site Scripting (XSS)
  • Outcome: Worm

The Samy worm on MySpace is now a classic: both a sophisticated attack and a well-documented one, it became a case study in the web application security field. Recently Robert Hansen (RSnake) wrote a very interesting blog entry about Samy and what has happened to him since.

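The mechanism shared by the Orkut and Samy entries above, profile injection turning into a self-propagating worm, as an added example that is not code from WHID, from the sites involved, or from either worm: a toy in-memory profile store, a vulnerable renderer that emits stored profile HTML verbatim, a hardened renderer that HTML-escapes it on output, and a simulated browser that executes any <script> in the viewer's session. The user names, the `api` object and its methods are assumptions standing in for the real sites' authenticated profile-update requests.

```javascript
// Added example (not WHID's or the affected sites' code): a toy simulation of a
// self-propagating stored XSS worm of the Samy / Orkut kind, and the output
// encoding that stops it. The site, its API and the user names are assumptions.

// Constructed profile store: user -> profile body exactly as the site stored it.
const profiles = new Map();

// Vulnerable renderer: the stored profile body is emitted into the page verbatim,
// so any <script> a user managed to save runs for everyone who views the profile.
function renderVulnerable(owner) {
  return `<div class="profile">${profiles.get(owner) || ""}</div>`;
}

// Hardened renderer: the body is HTML-escaped on output, so stored markup is shown
// as text and never parsed as elements. (A site that must allow some markup would
// use an allowlist sanitizer instead; the principle, encode on output, is the same.)
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderHardened(owner) {
  return `<div class="profile">${escapeHtml(profiles.get(owner) || "")}</div>`;
}

// Toy browser: renders the owner's profile and runs every <script> it contains in the
// *viewer's* session, which is what a real browser does with the viewer's cookies.
// The script is handed a small "site API" bound to the viewer, standing in for the
// authenticated XHR / form posts the real worms used to update the viewer's profile.
function visit(viewer, owner, render) {
  const html = render(owner);
  const scriptRe = /<script>([\s\S]*?)<\/script>/g;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    const api = {
      currentUser: viewer,
      ownProfile: () => profiles.get(viewer) || "",
      saveProfile: (body) => profiles.set(viewer, body),
      // Like document.currentScript.outerHTML: the script's own markup, which the
      // worm copies into each victim so that the victim's profile becomes a carrier.
      currentScript: m[0],
    };
    new Function("api", m[1])(api);
  }
}

// The worm payload as stored in the attacker's profile. Its script appends a copy of
// its marker text and of itself to whoever views it; each victim then infects their
// own visitors in turn.
const WORM =
  "<p>samy is my hero</p>" +
  '<script>api.saveProfile(api.ownProfile() + "<p>samy is my hero</p>" + api.currentScript)</script>';

// Run one chain of visits against a given renderer and return the users whose
// profiles now carry the worm's <script> (the attacker's own profile excluded).
function simulate(render) {
  profiles.clear();
  profiles.set("alice", "<p>hi, I am alice</p>");
  profiles.set("bob", "");
  profiles.set("carol", "<p>carol here</p>");
  profiles.set("samy", WORM); // attacker seeds the worm in his own profile
  visit("alice", "samy", render); // alice looks at samy's profile
  visit("bob", "alice", render);  // bob looks at alice's; bob never met samy
  visit("carol", "bob", render);  // carol looks at bob's
  return [...profiles]
    .filter(([user, body]) => user !== "samy" && body.includes("<script>"))
    .map(([user]) => user);
}

console.log("vulnerable renderer, infected:", simulate(renderVulnerable)); // alice, bob, carol
console.log("hardened renderer, infected:", simulate(renderHardened));     // nobody
```

Run it with node. With the vulnerable renderer every viewer in the chain ends up carrying the payload although only the first one ever visited the attacker's profile; that second-hand spread is what turns a single stored XSS into a worm. Escaping on output breaks the chain at the first hop because the stored <script> is never parsed as an element; in practice this is paired with an allowlist sanitizer for whatever markup the site actually wants to permit in profiles.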



This work is licensed under the Creative Commons Attribution License. To view a copy of this license, visit http://creativecommons.org/licenses/by/2.5/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.

 
© Copyright 2005, Web Application Security Consortium. All rights reserved.