Cenzic 232 Patent
Paid Advertising
web application security lab

Semi Reflective XSS Worm hits Gaiaonline.com

I go to sleep for a few hours and I miss all the fun. Apparently Kyran wrote and turned on an XSS worm against Gaiaonline.com. In just 3-4 hours over 1500 people were infected with the benign virus. I chatted with Kyran about this, and although it used a persistent means to propagate it was really a reflective payload. One could argue it’s completely persistent, but it’s interesting none-the-less.

Here’s the source to Gaiaworm.

Clearly these types of worms are becoming more commonplace as the propagation methods become more widely understood. Unfortunately most of these worms happen to look a lot like AJAX, so it’s difficult to write signatures for them. I’m surprised the anti-virus/anti-malware community hasn’t tried to solve this one yet. This is really their domain of expertise - genetic propagation.

10 Responses to “Semi Reflective XSS Worm hits Gaiaonline.com”

  1. tyler Says:

    some one hackad

  2. 101manga Says:

    hey whats up!! how do you get to hack people??

  3. RSnake Says:

    I’m not quite sure what you’re asking. Are you asking how XSS works?

  4. Meji Says:

    What does this Worm do, and how do I know if I got it?

    I hang around on Gaia like everyday, so I’m a little curious.

  5. WhiteAcid Says:

    All it did was log that it was used by your profile. It didn’t change anything. It was made to test how well a worm would spread, it was not made to cause damage.

    Nothing was downloaded onto your PC, nor was anything on your PC or on your Gaia online account changed.

  6. Deric Says:

    What? How in the world do you use this? Please help…

  7. angel Says:

    gaia sucks u scam one item u get banned

  8. Gaia Sucks Says:

    Actually, you get banned just for playing too much…

    http://www.gaiaonlinesucks.com/gaia-online-ban-page

  9. System shock Says:

    XSS attacksbabys. Try inserting the”blaster” worm on to hard drives.

  10. NeoX Says:

    Hey Guys, Sry to get back on this, but i am sql injector pro:)

    i want some more information and able to talk with somebody who knows what to do with this gaiaonline:), and if it stil works:P, they dont seems to have a sql injecton sadly otherwise i already tested some things:),

    hope somebody can add me fast and talk with me somebody who knows if xss stil works or if its already fixed long time ago:)