Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross-Site Scripting Worm Floods MySpace

Posted by Zonk on from the why-would-you-want-to-do-anything-on-myspace dept.

DJ_Vegas writes "One clever MySpace user looking to expand his buddy list recently figured out how to force others to become his friend, and ended up creating the first self-propagating cross-site scripting (XSS) worm. In less than 24 hours, 'Samy' had amassed over 1 million friends on the popular online community. According to BetaNews, the worm's code utilized XMLHTTPRequest - a JavaScript object used in AJAX Web applications and was spreading at a rate of 1,000 users every few seconds before MySpace shut down its site. Thankfully, the script was written for fun and didn't try to take advantage of unpatched security holes in IE to create a massive MySpace botnet."

5 of 321 comments (clear)

  1. unbeleivamable by Anonymous Coward · · Score: -1, Offtopic

    omg frist p0st!

    1. Re:unbeleivamable by Anonymous Coward · · Score: -1, Offtopic

      I work for frist p0st.

      So I am really getting a kick out of most of these replies.

      Some of you guys are very good at making it sound like you know what you are talking about.

      But trust me.... You don't.

      I think you just want to make yourself sound smart, when in reality you dont know what you are talking about.

      This is how bad info gets passed around.

      If you dont know about the topic....Dont make yourself sound like you do.

      Cuz some Slashdotters belive anything they hear.

  2. First! by Anonymous Coward · · Score: -1, Offtopic

    Roses are red
    Violets are blue
    I love you more
    than my CPU!

  3. gnaUa by Anonymous Coward · · Score: -1, Offtopic

    members' creative from nOw on o8 non-fucking-existant. declined in market who are intersted

  4. Re:Day late, dollar short. by Anonymous Coward · · Score: -1, Offtopic

    so much tr0ll1ng 2 do, so l1ttle tiem.