An XSS worm, sometimes referred to as a cross site scripting virus, is a malicious (or sometimes non-malicious) payload, usually written in JavaScript, that breaches browser security to propagate among visitors of a website in an attempt to progressively infect other visitors. XSS worms were first mentioned in 2002 in relation to a cross site scripting vulnerability in Hotmail.


Concept

XSS worms exploit a security vulnerability known as cross site scripting (or ''XSS'' for short) within a website, infecting users in a variety of ways depending on the vulnerability. Site features such as profiles and chat systems can be affected by XSS worms when implemented improperly or without regard to security. Often, these worms are specific to a single web site, spreading quickly by exploiting specific vulnerabilities. Cross-site scripting vulnerabilities are commonly exploited in the form of worms on popular social or commercial websites, such as MySpace, Yahoo!, Orkut, Justin.tv, Facebook and Twitter. These worms can be used for malicious intent, giving an attacker the basis to steal personal information provided to the web site, such as passwords or credit card numbers.


Examples

Several XSS worms have affected popular web sites.


Samy worm

The Samy worm, the largest known XSS worm, infected over 1 million MySpace profiles in less than 20 hours. The worm's author was sued and entered a plea agreement to a felony charge.


Justin.tv worm

Justin.tv was a video casting website with an active user base of approximately 20 thousand users. The cross-site scripting vulnerability that was exploited was that the "Location" profile field was not properly sanitized before its inclusion in a profile page. The "Location" field was sanitized when included in the title of a profile page, but not where it appeared in the page's body. This meant that the authors of the worm, in order to stay stealthy and so extend the lifetime and spread of the worm, had to have the worm's code (already hidden inside comments) automatically remove the XSS payload from the page title. After development, the worm was executed at approximately Saturday, 28 Jun 2008 21:52:33 UTC, and finished on Sun, 29 Jun 2008 21:12:21 UTC. Since the targeted site was not particularly active (compared to other popular XSS worm targets), the worm infected a total of 2525 profiles within roughly 24 hours. The worm was discovered a few hours before it was successfully removed. Based on data that was recorded (the worm was originally intended for research purposes), the worm was able to re-infect profiles after Justin.tv's developers had forcibly sanitized them; only after the vulnerability itself was patched could the profiles be sanitized again and the worm removed easily. This shows the ability of such a worm to adapt and spread even after counter-measures are taken. The graphs and data released by the attackers also point to social activity, and to a lack of new, uninfected users during certain periods, as factors affecting its spread.
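The root cause described above, a value escaped at one output sink but not at another, can be shown directly. This is an added example and not code from the article or from Justin.tv; the renderer functions, the `location` field name, the `leaksMarkup` check and the sample profile are constructed for illustration.

```javascript
// Added example (not from the article): a profile field escaped in one
// output context (the <title>) but inserted raw into another (the body).
// The defensive rule it demonstrates: encode at every output sink.

// HTML-encode the five characters that can break out of text or
// attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable renderer: mirrors the bug described in the section above.
// The field is escaped in the title but inserted unescaped into the body.
function renderProfileVulnerable(profile) {
  return `<html><head><title>${escapeHtml(profile.location)}</title></head>` +
         `<body><div class="location">${profile.location}</div></body></html>`;
}

// Fixed renderer: the same field is escaped at both sinks.
function renderProfileFixed(profile) {
  const loc = escapeHtml(profile.location);
  return `<html><head><title>${loc}</title></head>` +
         `<body><div class="location">${loc}</div></body></html>`;
}

// Regression check for a test suite: does any raw HTML tag present in the
// untrusted input survive verbatim into the rendered page?
function leaksMarkup(rendered, untrusted) {
  const tags = untrusted.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => rendered.includes(t));
}

// Constructed sample input standing in for a hostile "Location" value.
const sampleProfile = { location: 'Lisbon <script>/*constructed*/</script>' };

console.log('vulnerable leaks markup:',
  leaksMarkup(renderProfileVulnerable(sampleProfile), sampleProfile.location)); // true
console.log('fixed leaks markup:',
  leaksMarkup(renderProfileFixed(sampleProfile), sampleProfile.location));      // false
```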


Orkut "Bom Sabado" worm

Orkut, a social networking site, was also hit by an XSS worm. Infected users received a message containing the words "Bom Sabado" (Portuguese for "Happy Saturday"). Google has yet to comment on the situation.


See also

* Browser security
* Internet safety
* Internet security