Samy (also known as JS.Spacehero)[1] was an XSS Worm developed to propagate across the MySpace social-networking site. At the time of release it gained significant media attention.
Samy Kamkar entered a plea agreement on January 31, 2007 to a felony charge.[2] The action resulted in Kamkar being sentenced to three years probation, 90 days community service and an undisclosed amount of restitution.
The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours[3] of its October 4, 2005 release, over one million users had run the payload,[4] making Samy one of the fastest spreading viruses of all time.[5]
Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim.
   | JS/Spacehero-A, Sophos threat analysis - JS/Spacehero-A JavaScript worm (JS.Spacehero, Samy) - Sophos security analysis |
| | Technical explanation of the MySpace worm - MySpace Worm Explanation |
| | slashdot.org discussion - Slashdot | Cross-Site Scripting Worm Floods MySpace |
| | The Cross-site Scripting Virus - BindShell.Net: The Cross-site Scripting Virus |
| | Technical explanation of the MySpace worm - MySpace Worm Explanation |
|
|
Wikis
Quiz
Search
