Samy (also known as JS.Spacehero) is a

cross-site scripting Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability m ...

worm Worms are many different distantly related bilateral animals that typically have a long cylindrical tube-like body, no limbs, and no eyes (though not always). Worms vary in size from microscopic to over in length for marine polychaete wo ...

(

XSS worm An XSS worm, sometimes referred to as a cross site scripting virus, is a malicious (or sometimes non-malicious) payload, usually written in JavaScript, that breaches browser security to propagate among visitors of a website in the attempt to prog ...

) that was designed to propagate across the social networking site MySpace by

Samy Kamkar Samy may refer to: *Samy (director) (active from 2006), Tamil film director *Samy (XSS), a computer worm *Samy (Mobile Marketing) ''MobileBits Corporation'' is an American marketing technology/advertising company that operated a pure brand mobil ...

. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload making Samy the fastest-spreading

virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsk ...

of all time. The worm itself was relatively harmless; it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability. Samy Kamkar, the author of the worm, was raided by the

United States Secret Service The United States Secret Service (USSS or Secret Service) is a federal law enforcement agency under the Department of Homeland Security charged with conducting criminal investigations and protecting U.S. political leaders, their families, and ...

and Electronic Crimes Task Force in 2006 for releasing the worm. He entered a plea agreement on January 31, 2007 to a

felony A felony is traditionally considered a crime of high seriousness, whereas a misdemeanor is regarded as less serious. The term "felony" originated from English common law (from the French medieval word "félonie") to describe an offense that resu ...

charge. The action resulted in Kamkar being sentenced to three years'

probation Probation in criminal law is a period of supervision over an offender, ordered by the court often in lieu of incarceration. In some jurisdictions, the term ''probation'' applies only to community sentences (alternatives to incarceration), such ...

with only one computer and no access to the Internet, 90 days'

community service Community service is unpaid work performed by a person or group of people for the benefit and betterment of their community without any form of compensation. Community service can be distinct from volunteering, since it is not always performe ...

, and $15,000–20,000 in restitution, as directly reported by Kamkar himself on "Greatest Moments in Hacking History" by

Vice Media Vice Media Group LLC is an American-Canadian digital media and broadcasting company. , the Vice Media Group included five main business areas: VICE.com (digital content); VICE STUDIOS (film and TV production) VICE TV (also known as VICELAND); ...

's video website, Motherboard.

References

External links

Motherboard S01E03 Greatest Moments In Hacking History: Samy Kamkar Takes Down Myspaceslashdot.org discussionDarknet Diaries - Samy (Episode 61)
{{DEFAULTSORT:Samy (Xss) Computer worms Myspace JavaScript Hacking in the 2000s