Sophos

Download Windows 7 security - A great leap forward or business as usual?

« Don’t Get Mounted By New World of Warcraft Mounts Phishing via snail mail - Shishing? »

XSS worm targeting Chinese website

For the last few days we saw a XSS worm outbreak on renren.com - which is a facebook-like website in China.

The worm itself poses as a flash file for the “Pink Floyd - Wish You Were Here” video - which tries to execute an external javascript file.   The first line for the worm is a friendly greeting:

/ I’m not a malicious worm.^^;

The technique used in this worm exploits a simple XSS hole in the website - with a payload which has a flash component with the AllowScriptAccess=”always” attribute to allow the above “non-malicious” javascript to spread the worm via renren.com’s API. 

This is same technique used back in 2007 by the Okurt worm . 

We now detect the worm as W32/PinkRen-A.

Posted on August 24th, 2009 by Boris Lau, SophosLabs, UK
Filed under: Exploits, Malware

Email this story to a friend   Digg   Reddit   Technorati   Slashdot   Facebook   Twitter   NewsVine   MySpace   Google   Live   Mixx   del.icio.us   StumbleUpon  

Download Windows 7 security - A great leap forward or business as usual?

Related posts