1 / 10

THE SAMY WORM(XSS)!!!

THE SAMY WORM(XSS)!!!. CODE OF SAMY WORM. What is SAMY Worm??. Samy (also known as JS.Spacehero )  XSS worm  that was designed to propagate across the MySpace social-networking site. At the time of release, it gained significant media attention .

lucian-burnett
Download Presentation

THE SAMY WORM(XSS)!!!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE SAMY WORM(XSS)!!!

  2. CODE OF SAMY WORM

  3. What is SAMY Worm?? • Samy (also known as JS.Spacehero) •  XSS worm that was designed to propagate across the MySpace social-networking site. At the time of release, it gained significant media attention. • The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload, making Samy the fastest spreading virus of all time. • Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim. MySpace has secured their site against the vulnerability that allowed the attack; however, the phrase "Samy is my hero" remains in hundreds of thousands of MySpace profiles.

  4. EXAMPLE OF SAMY WORM!

  5. Who created Samy Worm? • Samy Kamkar (born December 10, 1985) • Is a privacy and security researcher, computer hacker, whistleblower and entrepreneur. At the age of 17, he co-founded Fonality, a unified communications company, which raised over $24 million in private funding. • created the Evercookieand the MySpacewormSamy (XSS)

  6. When & Where did Kamkar released Samy Worm(XSS)? • In 2005, Kamkar released the Samy worm, the first self-propagating cross-site scripting worm, onto MySpace. The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile and cause the victim to unknowingly send a friend request to Kamkar. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload, making Samy the fastest spreading virus of all time. The worm caused MySpace to crash.

  7. Why did you make Samy worm? • According to kamkar: • Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?'I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.

  8. How hard did he made the Samy Worm? • According to kamkar: • I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.

  9. When did Samy Kamkar got Arrested? • In 2006, Kamkar was raided by the United States Secret Service and Electronic Crimes Task Force, expanded from the USA PATRIOT Act, for releasing the worm.Kamkarpled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and was prohibited from using a computer for three years. Since 2008, Kamkar has been doing independent computer security and privacy research and consulting.

  10. END OF PRESENTATION !!!!

More Related