New MySpace Worm
According to Matthew Wollenweber there is another MySpace worm variant on the loose. Was that really a surprise? It uses a phishing attack to request that users enter their usernames and passwords. I haven’t seen the actual vector yet, so I cannot properly analyze it, but the payload is in the URL and if it gets taken down I’ve made a copy here.
There’s no word as to the number of compromises due to the phishing yet as far as I’ve seen. Worms are becoming pretty prevalent on social networking sites lately, huh? Interesting. We’ll see how this plays out but to me this feels like kitten play, and the beginning of much worse things to come.



August 29th, 2006 at 10:17 am
Just think… if the original site goes down before myspace.com deals with the worm, the mirror you’re providing of the *.js will make it easy for someone to do a variant (i.e. all they’d need to do is change the URL to point to your mirror).
August 29th, 2006 at 10:23 am
Hahah, if that starts happening, I’ll change it to something benign and move it.
I’m not too worried about it.
August 29th, 2006 at 1:45 pm
hehe Myspace suxx =)
August 30th, 2006 at 12:20 am
Found this link: http://archives.neohapsis.com/archives/bugtraq/2006-08/0510.html
August 30th, 2006 at 3:16 am
And what do u do with this .js code?
August 30th, 2006 at 8:18 am
ArISneT, it is designed to be included on the page via a cross site scripting vector. It’s not particularly useful for any other application other than injecting into MySpace, but I wanted to leave it up in case anyone wanted to do forensics on the code since it really is malware.