Samy (computer worm)

Last updated

Samy (also known as JS.Spacehero) is a cross-site scripting worm (XSS worm) that was designed to propagate across the social networking site MySpace by Samy Kamkar. Within just 20 hours [1] of its October 4, 2005 release, over one million users had run the payload [2] making Samy the fastest-spreading virus of all time. [3]

The message on a victim's profile SamyIsMyHero.png
The message on a victim's profile

The worm itself was relatively harmless; it carried a payload that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability. [1]

Samy Kamkar, the author of the worm, was raided by the United States Secret Service and Electronic Crimes Task Force in 2006 for releasing the worm. [4] He entered a plea agreement on January 31, 2007, to a felony charge. [5] The action resulted in Kamkar being sentenced to three years' probation with only one (remotely-monitored) computer and no access to the Internet for life (this provision was later struck off by a judge), 90 days' community service, and $15,000–$100,000,000 in restitution, as well as a 20-year suspended prison sentence, as directly reported by Kamkar himself on "Greatest Moments in Hacking History" by Vice Media's video website, Motherboard. [6]

Related Research Articles

<span class="mw-page-title-main">Computer worm</span> Self-replicating malware program

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. When these new worm-invaded computers are controlled, the worm will continue to scan and infect other computers using these computers as hosts, and this behaviour will continue. Computer worms use recursive methods to copy themselves without host programs and distribute themselves based on exploiting the advantages of exponential growth, thus controlling and infecting more and more computers in a short time. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

The Melissa virus is a mass-mailing macro virus released on or around March 26, 1999. It targets Microsoft Word and Outlook-based systems and created considerable network traffic. The virus infects computers via email; the email is titled "Important Message From," followed by the current username. Upon clicking the message, the body reads, "Here's that document you asked for. Don't show anyone else ;)." Attached is a Word document titled "list.doc," containing a list of pornographic sites and accompanying logins for each. It then mass-mails itself to the first fifty people in the user's contact list and disables multiple safeguard features on Microsoft Word and Microsoft Outlook.

Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. During the second half of 2007, XSSed documented 11,253 site-specific cross-site vulnerabilities, compared to 2,134 "traditional" vulnerabilities documented by Symantec. XSS effects vary in range from petty nuisance to significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner network.

<span class="mw-page-title-main">CIH (computer virus)</span> Windows 9x computer virus

CIH, also known as Chernobyl or Spacefiller, is a Microsoft Windows 9x computer virus that first emerged in 1998. Its payload is highly destructive to vulnerable systems, overwriting critical information on infected system drives and, in some cases, destroying the system BIOS. The virus was created by Chen Ing-hau, a student at Tatung University in Taiwan. It was believed to have infected sixty million computers internationally, resulting in an estimated NT$1 billion (US$35,801,231.56) in commercial damages.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

<span class="mw-page-title-main">Mydoom</span> Self-replicating malware program that spread by email

Mydoom was a computer worm that targeted computers running Microsoft Windows. It was first sighted on January 26, 2004. It became the fastest-spreading e-mail worm ever, exceeding previous records set by the Sobig worm and ILOVEYOU, a record which as of 2024 has yet to be surpassed.

<span class="mw-page-title-main">SQL injection</span> Computer hacking technique

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

Myspace is a social networking service based in the United States. Launched on August 1, 2003, it was the first social network to reach a global audience and had a significant influence on technology, pop culture and music. It also played a critical role in the early growth of companies like YouTube and created a developer platform that launched the successes of Zynga, RockYou, and Photobucket, among others. From 2005 to 2009, Myspace was the largest social networking site in the world.

Christopher Boyd, also known by his online pseudonym Paperghost, is a computer security researcher.

<span class="mw-page-title-main">Samy Kamkar</span> American businessman

Samy Kamkar is an American privacy and security researcher, computer hacker and entrepreneur. At the age of 16, he dropped out of high school. One year later, he co-founded Fonality, a unified communications company based on open-source software, which raised over $46 million in private funding. In 2005, he created and released the fastest spreading virus of all time, the MySpace worm Samy, and was subsequently raided by the United States Secret Service under the Patriot Act. He also created SkyJack, a custom drone which hacks into any nearby Parrot drones allowing them to be controlled by its operator and created the Evercookie, which appeared in a top-secret NSA document revealed by Edward Snowden and on the front page of The New York Times. He has also worked with The Wall Street Journal, and discovered the illicit mobile phone tracking where the Apple iPhone, Google Android and Microsoft Windows Phone mobile devices transmit GPS and Wi-Fi information to their parent companies. His mobile research led to a series of class-action lawsuits against the companies and a privacy hearing on Capitol Hill. Kamkar has a chapter giving advice in Tim Ferriss' book Tools of Titans.

An XSS worm, sometimes referred to as a cross site scripting virus, is a malicious payload, usually written in JavaScript, that breaches browser security to propagate among visitors of a website in the attempt to progressively infect other visitors. They were first mentioned in 2002 in relation to a cross site scripting vulnerability in Hotmail.

<span class="mw-page-title-main">Computer virus</span> Computer program that modifies other programs to replicate itself and spread

A computer virus is a type of malware that, when executed, replicates itself by modifying other computer programs and inserting its own code into those programs. If this replication succeeds, the affected areas are then said to be "infected" with a computer virus, a metaphor derived from biological viruses.

<span class="mw-page-title-main">Malvertising</span> Use of online advertisement or advertising to spread malware

Malvertising is the use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages. Because advertising content can be inserted into high-profile and reputable websites, malvertising provides malefactors an opportunity to push their attacks to web users who might not otherwise see the ads, due to firewalls, more safety precautions, or the like. Malvertising is "attractive to attackers because they 'can be easily spread across a large number of legitimate websites without directly compromising those websites'."

<span class="mw-page-title-main">Evercookie</span> JavaScript application programming interface

Evercookie is a JavaScript application programming interface (API) that identifies and reproduces intentionally deleted cookies on the clients' browser storage. It was created by Samy Kamkar in 2010 to demonstrate the possible infiltration from the websites that use respawning. Websites that have adopted this mechanism can identify users even if they attempt to delete the previously stored cookies.

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website or web application where unauthorized commands are submitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript fetch or XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.

The social networking service Myspace was among the most popular web sites in the 2000s decade. It has faced criticism on a variety of fronts, including for a massive redesign of the site in 2012 which occurred after the majority of original users had abandoned the website, misuse of the platform for cyber-bullying and harassment, risks for users' privacy, and major data losses.

<span class="mw-page-title-main">SpaceHey</span> Retro social network

SpaceHey is an English-language online social network operated by the German company tibush GmbH and headquartered in Pfullingen. Founded in 2020 by Anton Röhm, the project serves as a homage to social media platform MySpace during its peak in the mid-2000s. However, it is not officially affiliated with MySpace.

References

  1. 1 2 "MySpace Worm Explanation". Samy.pl. Retrieved 2015-12-25.
  2. "Cross-Site Scripting Worm Floods MySpace". Slashdot. 14 October 2005. Retrieved 2015-12-25.
  3. "CROSS-SITE SCRIPTING WORMS AND VIRUSES : The Impending Threat and the Best Defense" (PDF). Net-security.org. Archived from the original (PDF) on 2011-01-04. Retrieved 2015-12-25.
  4. "[Owasp-losangeles] OWASP LA". Lists.owasp.org. Retrieved 2015-12-25.
  5. Mann, Justin (2007-01-31). "MySpace speaks about Samy Kamkar's sentencing". Techspot.com.
  6. Motherboard (2016-06-01), Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace, archived from the original on 2021-12-21, retrieved 2016-06-02