Published by Vernon Burke. Modified over 9 years ago.
4
Samy (also known as JS.Spacehero) is an XSS worm that was designed to propagate across the MySpace social-networking site. At the time of release, it gained significant media attention. The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload, making Samy the fastest-spreading virus of all time. Execution of the payload resulted in a "friend request" automatically being made to the author of the virus and in messages containing the payload being left on the profiles of the friends of the victim. MySpace has secured their site against the vulnerability that allowed the attack; however, the phrase "Samy is my hero" remains in hundreds of thousands of MySpace profiles.
6
Samy Kamkar (born December 10, 1985) is a privacy and security researcher, computer hacker, whistleblower and entrepreneur. At the age of 17, he co-founded Fonality, a unified communications company, which raised over $24 million in private funding. He created the Evercookie and the MySpace worm Samy (XSS).
7
In 2005, Kamkar released the Samy worm, the first self-propagating cross-site scripting worm, onto MySpace. The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile and cause the victim to unknowingly send a friend request to Kamkar. When a user viewed that profile, they would have the payload planted on their page. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload, making Samy the fastest spreading virus of all time. The worm caused MySpace to crash.
8
According to Kamkar: Initially I was just trying to spruce up my MySpace profile. I also wanted to show off to a couple of friends, so I thought 'wouldn't it be cool if I did this? What if I made some of these people add me as a friend automatically?' Then I figured, 'what if I made them add me as a hero?' So I wrote a little code and what ended up happening is whenever someone viewed my profile, they would automatically add 'But most of all, Samy is my hero' at the end of their hero section on their profile. And after that, I thought, 'If I can make this person my friend, if I can make myself their hero, couldn't I just copy this code onto their profile?' I didn't think this would be a big deal, so I tried it out. I thought maybe I'll get one friend tomorrow and a few in maybe a few days. It went quickly. Apparently, MySpace is a bigger place than I assumed.
9
According to Kamkar: I'm not a Web application security expert, but I'm into security and I'm into Web applications. As a programmer, it wasn't too much to learn how to use AJAX, which really helped make the worm work and proliferate really quickly. It only took a few days to write the thing from start to finish and it was only in the last day that I thought that this could be a worm.
10
In 2006, Kamkar was raided by the United States Secret Service and Electronic Crimes Task Force, expanded from the USA PATRIOT Act, for releasing the worm. Kamkar pled guilty to a felony charge of computer hacking in Los Angeles Superior Court, and was prohibited from using a computer for three years. Since 2008, Kamkar has been doing independent computer security and privacy research and consulting.