Malware authors have developed a cross site scripting worm that's spreading across a Chinese social networking website.The Pinkren-A worm affectation as a video clip of Pink Floyd's Wish You Were Here contained in messages sent to users of Renren, the Chinese social networking website with around 40 million members. Selecting these messages reports in the achievement of malicious JavaScript, further scattereding the infection."The technique used in this worm deed a simple XSS hole in the website with a loading which has a flash component with the AllowScriptAccess=”always” attribute to allow the above “non-malicious” javascript to spread the worm via renren.com’s API," explains Sophos investigator Boris Lau in a blog posting. Preliminary analysis suggests Pinkren A simply spreads across the Facebook like site without doing anything more malicious.The techniques working by the worm are similar to those of the Mikeyy worms that spread quickly across microblogging site Twitter bygone this year and an Orkut worm in 2008. Orkut isn't famous in the US or Europe, but the Google owned social networking site is long in Brazil and up and coming in India. ®
No comments:
Post a Comment