Subscribe to RSS - Worm

Worm

Share/Save

Twitter is certainly bypassing Facebook as the most popular site out there, at least when it comes to security incidents.This time somebody decided abuse Twitter to demonstrate Clickjacking, an attack that RSname and Jeremiah Grossman re-christened in the OWASP conference in New York in September.

Attack Method: 
Incident Outcome: 
Share/Save

XSSed reports another XSS worm in Orkut. Since Orkut is big in Brazil, it is quite natural that a Brazilian group created the worm.

I have used this occasion to sort out worms reporting in WHID.

  • A worm is now considered an attack method rather than an outcome. If nothing else, the outcome of a worm is "planting of malware": itself.
  • I have added a "Web 2.0" organization type as many of the XSS worms infect Web 2.0 sites.
Share/Save

A proof of concept XSS worm crawled justin.tv, a popular lifecasting platform. The warm succeeded in planting a self replicating code on 2525 accounts in less than 24 hours before the vulnerability was fixed.

Additional information:

Incident Outcome: 
Share/Save

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected more than 650,000 Orkut users.

Additional information:

Incident Outcome: 
Share/Save

MySpace seems to be a heaven for XSS worms. This one seems to be even more interesting as it uses JavaScript embedded in a flash file. It is also interesting as it seems to combine the popular political defacement trend with high level application layer exploit.

Additional information:

Incident Outcome: 
Share/Save

Worm used Google to locate sites vulnerable to OS

Additional information:

Attack Method: 
Incident Outcome: 
Attacked System: 
Share/Save

phpBB worm

Additional information:

Attack Method: 
Incident Outcome: 
Attacked System: 
Share/Save

The Samy worm at my space is now a classic, both a sophisticated attack and a well documented one, it became a case study in the web application security field. Recently Robert Hansen (RSnake) wrote a very interesting blog entry about Samy and what happened to him since.

Additional information:

Incident Outcome: