Once his code was completed to perform all the
actions described so far, his final step was to load the worm. The follow steps highlight
his actions from posting the worm to propagating it:
1. Place hostile JavaScript on MySpace page. Once a user views the page, all the
malicious code is executed by the user??™s browser, which includes forcing the
browser to perform HTTP GETs/POSTs.
2. The code adds Samy to as the user??™s friend, which is completed by
XMLHTTPRequest with several GETs/POSTs. The code also grabs a list
of the user??™s hero and adds Samy as a hero, by speci?¬? cally adding ???but most
of all, samy is my hero???.
3. For self-propagation, allowing this to be classi?¬? ed as worm and not a Trojan
horse, the worm will post the hostile code to the user??™s hero pages as well,
blasting all the user??™s heroes with the malicious code automatically.
4. Once a user??™s hero was infected with the code, Samy would be added as a
friend and all their heroes would then be blasted with the code, repeating steps
2 through 4 inde?¬? nitely until MySpace eventually was forced to shut down its
site to clear up the worm.
YAMMER VIRUS
In addition to the Samy worm, malicious JavaScript was the culprit for a virus attack that
affected Yahoo! Mail users in June 2006.
Pages:
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221