The newly discovered Samy worm is the first worm to exploit a cross-site scripting vulnerability. Security experts fear the technique could open up a new front for malicious code. The worm spread itself among a large number of members of MySpace.com, a community site dedicated to helping friends stay in touch and share photos. By exploiting the vulnerability, the Samy worm added 100 million new friends to Samy's MySpace.com friends list. Security experts said that although the worm does not pose any threat to other sites, this new self-propagating cross-site scripting (XSS) worm will likely be copied by other malicious code writers.

According to Adam, a senior systems engineer in Trend Micro's Australia and New Zealand division, a MySpace.com user called Samy used a vulnerability in the site's design to create a "malicious" user profile. When the profile is viewed, the code is activated automatically and adds the viewing user to Samy's "friends" list. The malicious code is also copied to that user's own profile, so that when others view it, the worm continues to spread.
According to Adam, the Samy worm had an effect close to that of a denial of service, because it caused the number of friends on the friends list to grow exponentially, which ultimately consumes a lot of system resources. Scott, chief technology officer of MX Logic, said that although XSS vulnerabilities have been known for some time, the Samy worm is the first worm to take advantage of one. According to him, the Samy worm highlights the possibility of using XSS vulnerabilities to spread self-propagating worms. The vulnerability the Samy worm exploited allows code to be injected into the site, and that code can then be parsed and executed by a browser or e-mail client. Scott said that as browsers and e-mail clients develop further, worms that use XSS vulnerabilities will gradually increase in number. They will have a significant impact on the continuity of the Internet, for example through denial-of-service attacks and spam attacks.
According to Adam, system administrators should pay close attention to the Samy worm because it created a new method of attack. It is also a primary consideration for software designers and webmasters.