First, it injected itself (the script injection
and attack code) into the victim's profile page. So if a user visited any victimized MySpace
profile page, the user would also become a victim/vector and help spread the worm.
This was the worm aspect of the Samy worm, because it initially started on Samy's profile
page and then spread to profile pages of Samy's visitors, then spread to the visitors
visiting Samy's visitors, and so forth. This method of spreading the script injection and
the attack code is extremely fast. In fact, this worm grows at an exponential rate. We call
this part of the Samy worm the transport.
After Samy created an extremely fast transport that spread and executed JavaScript
to many MySpace users, he needed to create a payload that performed something
malicious. Samy's choice of payload was relatively kind and humorous. The payload
performed two tasks: it added "but most of all, samy is my hero" to the Heroes section of
the victim's Profile page, and it forced the victim to send a friend request to Samy's
profile, that is, to add Samy as a friend.
We present the unobfuscated Samy worm and describe the code in detail: the main
code first and the supporting code afterward.