MySpace Worm, and then?
MySpace is an online community, or better, a social network, where people can share photos, journals and interests. A worm called "samy is my hero" appeared on MySpace recently. It gave a guy called "Samy" more than a million friends, all of whom have this notice in their "Heroes" description: but most of all, samy is my hero.
Technically, here is how it happened: the worm was first placed on Samy's profile. When someone visited his profile, it added Samy to the visitor's friend list and accepted the request automatically. All of this was done in the background via Ajax! It also copied the worm code to the visitor's profile so that it could infect other people, and so on. Samy hit 1,000,000+ users in less than 20 hours!
The XSS bug that MySpace missed was the possibility of running JavaScript within CSS tags. Samy has written a full explanation of the bug and the worm that made him popular. It is not the first AJAX worm, but it is one of those that made a buzz in the blogosphere. If you have been ignoring XSS bugs, this alert is for you: be careful, AJAX could be your enemy!
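One defensive reading of the bug described above, as an added example (not code from MySpace, from Samy's write-up or from this article): an allowlist sanitizer for user-supplied inline CSS that drops any declaration able to load a resource or run script. The property allowlist and the function names are assumptions made for illustration.

```javascript
// Added example: allowlist sanitizer for the text of a user-supplied style attribute.
// ALLOWED_PROPS, normalize and sanitizeStyle are hypothetical names, not a real library API.
const ALLOWED_PROPS = new Set([
  "color", "background-color", "font-size", "font-weight",
  "text-align", "margin", "padding",
]);

// Value tokens that can load a resource or run script from CSS in some browsers.
const DANGEROUS = /url\(|expression\(|javascript:|vbscript:|@import/;

// Canonicalize before matching: remove CSS comments, decode backslash
// escapes, strip whitespace and control characters, lowercase.
function normalize(value) {
  return value
    .replace(/\/\*[\s\S]*?\*\//g, "")
    .replace(/\\([0-9a-f]{1,6})\s?/gi, (_, hex) => {
      const cp = parseInt(hex, 16);
      return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : "";
    })
    .replace(/\\([\s\S])/g, "$1")
    .replace(/[\s\u0000-\u001f]+/g, "")
    .toLowerCase();
}

// Returns a style string containing only declarations that pass every check.
function sanitizeStyle(styleText) {
  const kept = [];
  for (const decl of styleText.split(";")) {
    const idx = decl.indexOf(":");
    if (idx < 0) continue;                              // not a declaration
    const prop = normalize(decl.slice(0, idx));
    const rawValue = decl.slice(idx + 1).trim();
    if (!ALLOWED_PROPS.has(prop)) continue;             // unknown property
    if (DANGEROUS.test(normalize(rawValue))) continue;  // script or resource loader
    // Second layer: emit only characters that plain CSS values need
    // (no quotes, colons or backslashes).
    if (!/^[\w\s#%.,()-]+$/.test(rawValue)) continue;
    kept.push(`${prop}: ${rawValue}`);
  }
  return kept.join("; ");
}

// Constructed sample input: one harmless declaration, one carrying a script URL.
const sample = "color: blue; background: URL('javascript:void(0)')";
console.log(sanitizeStyle(sample)); // only the harmless declaration survives
```

Filtering on the way in is only half of the fix: the friend request and profile update the worm sent in the background also need a per-session token that script on another user's page cannot read.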










