web application security lab

New MySpace Worm

According to Matthew Wollenweber, there is another MySpace worm variant on the loose. Was that really a surprise? It uses a phishing attack to ask users to enter their usernames and passwords. I haven’t seen the actual vector yet, so I cannot properly analyze it, but the payload is in the URL, and if it gets taken down, I’ve made a copy here.

There’s no word as to the number of compromises due to the phishing yet as far as I’ve seen. Worms are becoming pretty prevalent on social networking sites lately, huh? Interesting. We’ll see how this plays out, but to me this feels like kitten play, and the beginning of much worse things to come.

7 Responses to “New MySpace Worm”

  1. yawnmoth Says:

    Just think… if the original site goes down before myspace.com deals with the worm, the mirror you’re providing of the *.js will make it easy for someone to do a variant (i.e. all they’d need to do is change the URL to point to your mirror).

  2. RSnake Says:

    Hahah, if that starts happening, I’ll change it to something benign and move it. ;) I’m not too worried about it.

  3. Girzi Says:

    hehe Myspace suxx =)

  4. Girzi Says:

    Found this link : http://archives.neohapsis.com/archives/bugtraq/2006-08/0510.html

  5. ArISneT Says:

    And what do u do with this .js code?

  6. RSnake Says:

    ArISneT, it is designed to be included on the page via a cross site scripting vector. It’s not particularly useful for any other application other than injecting into MySpace, but I wanted to leave it up in case anyone wanted to do forensics on the code since it really is malware.

  7. rxbbx - news, gadgets and other fun stuff » MySpace Issues Says:

    […] Related links: - Possible Myspace Worm - New MySpace Worm […]