XSS Worm on Chinese Twitter

Users of Sina Weibo, the Chinese Twitter alternative, were targeted by a cross-site scripting (XSS) worm spreading through a vulnerability on the microblogging site.
With over 140 million users, Sina Weibo is the most popular social networking site in China, a country where both Twitter and Facebook are banned. The site's administrators announced that a worm exploiting an XSS weakness hit the platform on Tuesday evening. The worm propagated through messages that lured users with videos, pictures and software. For example, some advertised bloopers from a new film, while others advertised nude pictures of Chinese actress Fan Bingbing. Clicking on the included links forced users to re-post the spam messages from their own accounts, thereby helping the worm spread.
The attack was apparently launched from an account called @hellosamy, a name possibly chosen as a tribute to the Samy (Spacehero) worm released on MySpace back in 2005.
The work of security enthusiast Samy Kamkar, Spacehero was the first large-scale worm to spread on a social network by exploiting a cross-site scripting vulnerability and paved the way for many similar attacks that have occurred since then.
There is barely any social network left that hasn't been affected by such a worm. Some of them have had to deal with such problems multiple times and on some occasions the attacks distributed malware or spam.

There doesn't seem to have been any malicious component behind the Weibo worm, though, except for its spreading mechanism.

When such attacks happen, if webmasters are not quick enough, there is a high risk that the worms will mutate as other users modify the code and launch their own versions. In this case, the Weibo staff plugged the hole in around one hour, which is a rather long time for such an attack.

-News Source (Softpedia)

