Semi Reflective XSS Worm hits Gaiaonline.com
I go to sleep for a few hours and I miss all the fun. Apparently Kyran wrote and turned on an XSS worm against Gaiaonline.com. In just 3-4 hours, over 1500 people were infected with the benign virus. I chatted with Kyran about this, and although it used a persistent means to propagate, it was really a reflective payload. One could argue it’s completely persistent, but it’s interesting nonetheless.
Here’s the source to Gaiaworm.
Clearly these types of worms are becoming more commonplace as the propagation methods become more widely understood. Unfortunately most of these worms happen to look a lot like AJAX, so it’s difficult to write signatures for them. I’m surprised the anti-virus/anti-malware community hasn’t tried to solve this one yet. This is really their domain of expertise - genetic propagation.



January 14th, 2007 at 4:41 pm
someone hacked
January 18th, 2007 at 7:58 pm
hey what’s up!! how do you get to hack people??
January 18th, 2007 at 8:13 pm
I’m not quite sure what you’re asking. Are you asking how XSS works?
February 7th, 2007 at 2:56 pm
What does this Worm do, and how do I know if I got it?
I hang around on Gaia like every day, so I’m a little curious.
February 9th, 2007 at 6:01 pm
All it did was log that it was used by your profile. It didn’t change anything. It was made to test how well a worm would spread; it was not made to cause damage.
Nothing was downloaded onto your PC, nor was anything on your PC or on your Gaia online account changed.
April 5th, 2007 at 10:00 am
What? How in the world do you use this? Please help…
July 19th, 2007 at 8:30 am
gaia sucks u scam one item u get banned