MySpace Flash Attack Corrupts Profiles
David Utter Staff Writer
2006-07-17
A Flash-based attack embedded in a MySpace profile redirects visitors to a blog post on 9/11 conspiracy theories and, at the same time, embeds itself into the MySpace profile of the user who has just visited the infected profile.
A blog entry on the ChaseandSam.com website noted the MySpace issue, where an embedded Flash file caused problems for MySpace users.
Signed-in MySpace users who visit a profile already carrying the malicious code will in turn have their own profiles infected. Everyone who arrives at an infected page is redirected to another blog containing a rant about the 9/11 attacks.
The ChaseandSam site listed a safe link to the Flash file exploiting the MySpace code. Since MySpace allows its users to embed code to display content, it was a trivial matter for the attacker to place the code on a profile and wait for people to stumble across it.
While the embedding feature makes it easy for MySpace users to share audio and video content, it appears the site could be more rigorous in assessing embedded code placed on profiles.
Kinematic, a user on the Digg news site, posted an assessment of the code used by the attacker. A Flash file performing the redirect would be encountered first.
Then the landing page would fire up another Flash file, retrievecookie.swf. The ActionScript in that file would then pull up a blog post from elsewhere on MySpace, and evaluate that code.
In doing so, the attack grabs the visitor's MySpace token and hash code. Kinematic commented that the hash code is supposed to be a security measure; like the token, however, it is also carried in the URL, which is a helpful condition for the attacker's code.
After that, the visitor's profile is modified, and the next person to visit that profile while logged in to MySpace is likewise infected. Fortunately, the code can be removed from the profile: the post on the ChaseandSam website shows how to find the offending code in the profile in order to get rid of it.
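The stricter assessment of embedded code that the article calls for, together with the profile scan the ChaseandSam post describes, as an added Python example (this is not MySpace's code and not from the article or the ChaseandSam post): it parses a profile's HTML, records every Flash-style embed and the host it loads from, and keeps only embeds whose host is on an allowlist, dropping the rest. The allowlist, the host names and the sample profile are constructed for the example; the handling of `embed`, `object` and `param name="movie"` follows the common Flash-embedding markup of the period.

```python
"""Allowlist-based scan and clean-up of Flash embeds in profile HTML.

Added example, not code from the article or from MySpace. The allowed
hosts, the sample profile and every URL below are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts a site might permit for media embeds (constructed allowlist).
ALLOWED_EMBED_HOSTS = {"media.example.com"}


class EmbedSanitizer(HTMLParser):
    """Re-emits the document, minus embeds whose host is not allowlisted."""

    def __init__(self, allowed_hosts=ALLOWED_EMBED_HOSTS):
        # convert_charrefs=False so entities are re-emitted as written
        super().__init__(convert_charrefs=False)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []          # (tag, url, allowed?) for the report
        self._last_embed_ok = True  # decides whether a stray </embed> is kept
        # Frame stack: bottom frame is the document; one frame per open <object>
        # so the object's content can be buffered until its sources are known.
        self._frames = [{"out": [], "urls": []}]

    def _emit(self, text):
        self._frames[-1]["out"].append(text)

    def _url_allowed(self, url):
        host = (urlparse(url).hostname or "").lower()
        return host in self.allowed   # relative/hostless URLs are not allowed

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        raw = self.get_starttag_text()
        if tag == "object":
            frame = {"out": [raw], "urls": []}
            if a.get("data"):
                frame["urls"].append(a["data"])
            self._frames.append(frame)
        elif tag == "param" and a.get("name", "").lower() == "movie" and a.get("value"):
            if len(self._frames) > 1:           # <param> inside an <object>
                self._frames[-1]["urls"].append(a["value"])
            self._emit(raw)                     # kept or dropped with its object
        elif tag == "embed":
            url = a.get("src", "")
            self._last_embed_ok = self._url_allowed(url)
            self.findings.append(("embed", url, self._last_embed_ok))
            if self._last_embed_ok:
                self._emit(raw)
        else:
            self._emit(raw)

    def handle_startendtag(self, tag, attrs):
        # <embed ... /> : the raw tag already carries "/>", so no end tag is emitted
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag == "object" and len(self._frames) > 1:
            frame = self._frames.pop()
            urls = frame["urls"]
            ok = bool(urls) and all(self._url_allowed(u) for u in urls)
            for u in urls or [""]:              # an object with no source is dropped
                self.findings.append(("object", u, ok))
            if ok:
                self._emit("".join(frame["out"]) + "</object>")
        elif tag == "embed":
            if self._last_embed_ok:
                self._emit("</embed>")
        else:
            self._emit(f"</{tag}>")

    def handle_data(self, data):
        self._emit(data)

    def handle_entityref(self, name):
        self._emit(f"&{name};")

    def handle_charref(self, name):
        self._emit(f"&#{name};")

    def handle_comment(self, data):
        self._emit(f"<!--{data}-->")

    def result(self):
        """Close any unterminated <object> and return the cleaned HTML."""
        while len(self._frames) > 1:
            self.handle_endtag("object")
        return "".join(self._frames[0]["out"])


def sanitize_profile(html, allowed_hosts=ALLOWED_EMBED_HOSTS):
    """Return (cleaned_html, findings) for one profile's HTML."""
    p = EmbedSanitizer(allowed_hosts)
    p.feed(html)
    p.close()
    return p.result(), p.findings


# Constructed sample profile: one allowlisted audio embed, one object/embed
# pair loading a movie from a host that is not on the allowlist.
SAMPLE_PROFILE = (
    '<div class="about">Hi!</div>'
    '<embed src="http://media.example.com/song.swf" width="300" height="40" />'
    '<object data="http://bad.example.org/redirect.swf">'
    '<param name="movie" value="http://bad.example.org/redirect.swf">'
    '<embed src="http://bad.example.org/redirect.swf"></embed>'
    '</object>'
    '<p>Thanks for visiting &amp; come back!</p>'
)

if __name__ == "__main__":
    cleaned, report = sanitize_profile(SAMPLE_PROFILE)
    for tag, url, ok in report:
        print(f"{'keep' if ok else 'DROP'} <{tag}> {url}")
    print(cleaned)
```

The report lists every embed with its verdict, which is the part a profile owner or a moderation job would want to see; the cleaned HTML is what a server-side filter would store. Deciding on an allowlist of hosts rather than trying to recognise bad files is the point: a redirecting `.swf` looks like any other `.swf`, but its host is not one the site chose to trust.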
---
Tag: MySpace
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.