A blog entry on the ChaseandSam.com website noted the MySpace issue, where an embedded Flash file caused problems for MySpace users.
Signed in users on MySpace who visit a profile that already has the malicious code infecting it will in turn have their profiles infected. Everyone who arrives at an infected page will be redirected to another blog containing a rant about the 9/11 attacks.
The ChaseandSam site listed a safe link to the Flash file exploiting the MySpace code. Since MySpace allows its users to embed code to display content, it was a trivial matter for the attacker to place the code on a profile and wait for people to stumble across it.
While the embedding feature makes it easy for MySpace users to share audio and video content, it appears the site could be more rigorous in assessing embedded code placed on profiles.
Kinematic, a user on the Digg news site, posted an assessment of the code used by the attacker. A Flash file performing the redirect would be encountered first.
Then the landing page would fire up another Flash file, retrievecookie.swf. The ActionScript in that file would then pull up a blog post from elsewhere on MySpace, and evaluate that code.
In doing so, the attack would grab the visitor’s MySpace token and hash code. Kinematic commented that the hash code is supposed to be a security measure. Like the token, the hash code is also in the URL, a helpful condition for the attacker’s code.
After that, the visitor’s profile gets modified, and the next person to visit the profile while logged in to MySpace likewise gets infected. Fortunately, the code can be removed from the profile. The post on the ChaseandSam website shows how to find the offending code in the profile to get rid of it.
January 2nd, 2007 at 4:00 pm
I found your website after I have been surfing the internet to be useful
January 7th, 2007 at 5:07 am
Ein wirklich sehr Interessante Seite mit guten Informationen.
January 8th, 2007 at 11:03 am
Just dropping in to let you know you have an interesting site. I hope you’ll continue to work on it. Wishing you all the best.
January 10th, 2007 at 4:42 pm
Nice website
January 10th, 2007 at 11:20 pm
Nice page. It’s good to have kids who can use this medium to find you
January 11th, 2007 at 6:14 am
Hi - enjoyed your home page!
January 12th, 2007 at 2:21 pm
Warm greetings! Thanks for all the information, a very nice and well done site! Cheers.
January 13th, 2007 at 6:12 am
I love everything about this site!!
January 13th, 2007 at 5:41 pm
A very very nice site with helpful informations! So keep up the good work - I already added the site to my personal favourites. All the best!
January 14th, 2007 at 9:12 pm
Hi - enjoyed your home page!
January 16th, 2007 at 11:36 am
Got here and seen your stuff - way to go!
January 17th, 2007 at 1:49 am
Logging into this website should be a requirement for anyone knowledgeable on earth these days…
January 20th, 2007 at 2:40 pm
perfect site !!!!!!!! Perfect piece of work fellows !!!!!!!
January 22nd, 2007 at 2:18 am
I just want you to know that I think you did a terrific job on this websight.
January 22nd, 2007 at 5:05 pm
Hi My wife and I would like to thank you all for this web site. Hours of pleasure and all
January 23rd, 2007 at 11:38 pm
Our site is cool, but also yours is very nice too
January 24th, 2007 at 4:43 pm
Nice! We rather appreciated the website
January 25th, 2007 at 1:08 pm
Like the site very much, thanx 4 your efforts webmasters
January 27th, 2007 at 9:12 am
Exstremely lovely site. Very impressed about all the lesson there are to learn and to know how much help is there also. Keep up the great work
January 27th, 2007 at 9:14 am
Great site! Best wishes!
January 28th, 2007 at 11:29 pm
SarahBell ( ) wrote:
January 29th, 2007 at 3:31 am
Boy, this is some high-class site
January 29th, 2007 at 8:25 pm
I have admire your unselfishness in taking the time to make this web site.
January 31st, 2007 at 5:22 am
Hello, I’m a regular visitor to your site so i finally decided its time to sign your guestbook, so here i sign !
January 31st, 2007 at 3:57 pm
I have admire your unselfishness in taking the time to make this web site.
January 31st, 2007 at 5:56 pm
Great stuff here guys, check this site out!
January 31st, 2007 at 5:58 pm
You have a good site, i enjoyed my stay!
February 1st, 2007 at 3:43 am
I just want you to know that I think you did a terrific job on this websight.
February 1st, 2007 at 3:45 am
Warm greetings! Thanks for all the information, a very nice and well done site! Cheers.
February 1st, 2007 at 8:52 am
Hi - enjoyed your home page!
February 1st, 2007 at 8:53 am
Your website is beautifully decorated and easily navigated. I have enjoyed visiting this site today and hope to visit many more times in the future.
February 1st, 2007 at 7:15 pm
This is a very beautiful website, I have enjoyed my visit here very much. I’m very honoured to sign in your guestbook. Thanking you for the great work that you are doing here.
February 6th, 2007 at 4:57 pm
You’re website looks very good, it was a pleasure to be on you’re. Keep on the good work
February 7th, 2007 at 2:42 pm
What a nice site, been surfing on it for the whole night and day and i neva got bored for a single minute. Keep up your good work and all of the best in everything you do! :-)
February 7th, 2007 at 2:43 pm
I must say that I was surprised to find this web page, but - - - Good Job.
February 9th, 2007 at 10:19 am
Your site is also very interesting, very calming effect just reading it. Will spend more time with certain areas. Well done and good luck with your work.
February 11th, 2007 at 12:24 pm
Great website, it was actually quite real helpful.
February 12th, 2007 at 7:46 am
a really great homepage! i’m a big fan of your stuff although i’m just 16!
February 12th, 2007 at 1:44 pm
It´s a very good website you have here,
February 12th, 2007 at 10:26 pm
This is a one super duper site
February 13th, 2007 at 10:40 am
Super site darlings. Thanks awfully
February 13th, 2007 at 6:41 pm
%-) genuinely interested by this website
February 14th, 2007 at 1:39 pm
Thank you for the great web site - a true resource, and one many people clearly enjoy
February 15th, 2007 at 1:11 am
just a quick hello and congratulations to your nice website ! i’ll visit you again!
February 15th, 2007 at 6:25 am
In Zeiten von massenhaft Websitenmüll im Internet eine sehr gut aufgebaute Website, nicht überdimensioniertes Design und sehr gut recher-schierte Hintergrundinformationen.
May 31st, 2007 at 12:06 am
There are several drum yamaha on the ton
for willpower place trades. In herbal, cheat contrary gloves
to bond any exhibit that they improve.
May 31st, 2007 at 5:22 am
There are satiate a travel alarm
waterfront pension is capable of doing that for you.
If you are late on pledges, you village riping slapped with penalties.
June 17th, 2007 at 5:08 pm
ZHVDsw bhsdrjkvbfjksbhfsvkbdhfkv
August 25th, 2007 at 11:50 am
August 10th, 2008 at 10:54 am
Thanks for this!