MySpace Flash Attack Corrupts Profiles
A blog entry on the ChaseandSam.com website noted the MySpace issue, where an embedded Flash file caused problems for MySpace users.
Signed-in MySpace users who visit a profile already carrying the malicious code will in turn have their own profiles infected. Everyone who arrives at an infected page is redirected to another blog containing a rant about the 9/11 attacks.
The ChaseandSam site listed a safe link to the Flash file exploiting the MySpace code. Since MySpace allows its users to embed code to display content, it was a trivial matter for the attacker to place the code on a profile and wait for people to stumble across it.
While the embedding feature makes it easy for MySpace users to share audio and video content, it appears the site could be more rigorous in assessing embedded code placed on profiles.
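One way a site could assess embedded markup before saving it to a profile, shown as an added example that is not from the original article or from MySpace's code. The host allowlist, the permitted tag list and all names are assumptions; `allowScriptAccess` and `allowNetworking` are the standard Flash embed parameters that control whether a movie may call page scripts or navigate the browser.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"media.example.com"}      # assumption: trusted media hosts
PLAIN_TAGS = {"b", "i", "p", "br"}         # kept, but with attributes stripped
FORCED = {"allowscriptaccess": "never",    # movie may not call page JavaScript
          "allownetworking": "internal"}   # movie may not navigate the browser

# Constructed sample profile markup: one off-site embed, one allowed embed
# whose author tried to grant it script access.
SAMPLE = ('<p>hi</p>'
          '<embed src="https://evil.example.net/x.swf" allowScriptAccess="always">'
          '<embed src="https://media.example.com/song.swf" '
          'allowScriptAccess="always" width="300" height="abc">')

class ProfileSanitizer(HTMLParser):
    """Re-emits profile HTML, dropping unknown tags and locking down <embed>."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.rejected = [], []

    def handle_starttag(self, tag, attrs):
        if tag in PLAIN_TAGS:
            self.out.append(f"<{tag}>")
        elif tag == "embed":
            self.out.append(self._embed(dict(attrs)))
        else:
            self.rejected.append(tag)       # tag dropped; its text is escaped

    def handle_endtag(self, tag):
        if tag in PLAIN_TAGS - {"br"}:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data))

    def _embed(self, attrs):
        url = urlparse(attrs.get("src") or "")
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            self.rejected.append("embed")
            return ""
        kept = {"src": attrs["src"], **FORCED}   # user-supplied values overridden
        kept.update({k: attrs[k] for k in ("width", "height")
                     if (attrs.get(k) or "").isdigit()})
        return "<embed " + " ".join(f'{k}="{escape(v)}"' for k, v in kept.items()) + ">"

def sanitize_profile(html):
    parser = ProfileSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.rejected
```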
Kinematic, a user on the Digg news site, posted an assessment of the code used by the attacker. A Flash file performing the redirect would be encountered first.
Then the landing page would fire up another Flash file, retrievecookie.swf. The ActionScript in that file would then pull up a blog post from elsewhere on MySpace, and evaluate that code.
In doing so, the attack would grab the visitor’s MySpace token and hash code. Kinematic commented that the hash code is supposed to be a security measure. Like the token, the hash code is also in the URL, a helpful condition for the attacker’s code.
After that, the visitor’s profile gets modified, and the next person to visit the profile while logged in to MySpace likewise gets infected. Fortunately, the code can be removed from the profile. The post on the ChaseandSam website shows how to find the offending code in the profile to get rid of it.