Home / malware Worm.JS.Spacehero.A
First posted on 21 November 2011.
Source: BitDefenderAliases :
Worm.JS.Spacehero.A is also known as Net-Worm.JS.Spacehero.a, JS.Spacehero, JS/Spacehero.A, worm, JS/Spacehero.A, JS/Spacehero.A!worm, Script.Spacehero.A, JS/Hero.A.
Explanation :
The worm uses XSS (Cross-site scripting) to propagate itself on the myspace social networking website (www.myspace.com).
It approaches different techniques to avoid the security system of the website, building its own code, in order to circumvent the already fixed vulnerabilities in the website. After that, the worm adds a specific profile to the friends page of the infected profile and puts its own code in the list of heroes that belongs to the Interest section, accompanied by a new entry : "but most of all, samy is my hero.". Considering this, when another user visited the infected profile, it would get infected too; this helped the worm become one of the fastest-spreading worms on the Internet.
At the time of analysis, MySpace fixed its security issue and the worm isn't active anymore.Last update 21 November 2011