
MySpace Worm, and then?

MySpace is an online community, or better, a social network, where people can share photos, journals and interests. A worm called "samy is my hero" appeared on MySpace recently. It gave a guy called "Samy" more than a million friends, all of whom now have this notice in their "Heroes" description: but most of all, samy is my hero.

Technically, here is how it happened: the worm was first placed on Samy's profile. Once someone visits his profile, it adds Samy to the visitor's friend list and accepts the request automatically. It was all done in the background via Ajax! It also copies the worm code to the visitor's profile so it can infect other people, and so on. Samy hit 1,000,000+ users in less than 20 hours!

The XSS bug that MySpace missed was the possibility to run JavaScript within CSS tags. Samy has written a full explanation of the bug and of the worm that made him popular. It is not the first AJAX worm, but it is one of those that made a buzz in the blogosphere. People who are ignoring XSS bugs, this alert is for you: be careful, AJAX could be your enemy!
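One way to close the "JavaScript within CSS" hole on the server side is to allowlist CSS properties and value characters instead of searching for bad strings. The following is an added example, not code from MySpace or from Samy's write-up; the function name, the property list and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: allowlist filter for user-supplied inline CSS.
// sanitizeStyle, ALLOWED_PROPS and SAFE_VALUE are hypothetical names.

// Only purely presentational properties that never take a URL or script.
const ALLOWED_PROPS = new Set([
  'color', 'background-color', 'font-weight', 'text-align', 'margin', 'padding',
]);

// A value may contain only letters, digits, '#', '%', '.', '-' and spaces.
// That excludes '(', ':', '\', quotes and control characters, so url(...),
// expression(...), CSS escapes and scheme prefixes cannot appear at all,
// however the submitter tries to obfuscate them.
const SAFE_VALUE = /^[a-z0-9#%.\- ]{1,64}$/i;

function sanitizeStyle(style) {
  const kept = [];
  for (const decl of String(style).split(';')) {
    const idx = decl.indexOf(':');
    if (idx === -1) continue;                    // not a declaration
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const value = decl.slice(idx + 1).trim();
    if (!ALLOWED_PROPS.has(prop)) continue;      // unknown property: drop
    if (!SAFE_VALUE.test(value)) continue;       // suspicious value: drop
    kept.push(`${prop}: ${value}`);
  }
  return kept.join('; ');
}

// Constructed sample inputs, as a profile editor might receive them.
const SAMPLES = [
  'color: red; font-weight: bold',
  'COLOR: #FF0000; position: fixed',
  'background-color: url(javascript:x)',
  'color: \\72 ed',
  'color: re\nd',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeStyle(s)));
}
```

Dropped declarations are worth logging with the account that submitted them, since a rejected value in a profile field is an early signal that someone is probing the filter.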
