Wednesday, August 26, 2009

Pink Floyd Worm Spreads In Chinese Social Networking Site

Virus researcher Boris Lau of SophosLabs writes on the SophosLabs blog about a worm that is spreading on the Chinese social networking website renren.com. The worm, which Sophos calls W32/PinkRen-A, poses as a Flash file for the “Pink Floyd - Wish You Were Here” video; the file tries to execute an external JavaScript file.

"The technique used in this worm exploits a simple XSS hole in the website - with a payload which has a flash component with the AllowScriptAccess=”always” attribute to allow the above “non-malicious” javascript to spread the worm via renren.com’s API", Lau writes.

Initial analysis of the variant found shows that W32/PinkRen-A does not appear to do anything other than spread itself across the renren site.
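An added example, not code from Sophos or renren.com: a Python filter that rewrites user-submitted markup so that every Flash embed carries allowScriptAccess="never", the opposite of the setting Lau describes. The class and function names and the sample markup are constructed for illustration, and the filter covers only the Flash script-access setting, not the XSS hole itself.

```python
from html import escape
from html.parser import HTMLParser
FORCED = "never"  # Flash accepts "always", "sameDomain" or "never"

class FlashEmbedHardener(HTMLParser):
    """Re-emit submitted HTML with script access disabled on every Flash embed."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # rewritten markup fragments
        self.findings = []   # (tag, original value) for each overridden setting

    def _note(self, tag, value):
        if (value or "").lower() != FORCED:
            self.findings.append((tag, value))

    def _emit(self, tag, attrs, close=""):
        rendered = "".join(f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
                           for k, v in attrs)
        self.out.append(f"<{tag}{rendered}{close}>")

    def handle_starttag(self, tag, attrs, close=""):
        named = dict(attrs)  # HTMLParser has already lowercased attribute names
        if tag == "embed":
            if "allowscriptaccess" in named:
                self._note(tag, named["allowscriptaccess"])
            attrs = [(k, v) for k, v in attrs if k != "allowscriptaccess"]
            attrs.append(("allowscriptaccess", FORCED))
        elif tag == "param" and (named.get("name") or "").lower() == "allowscriptaccess":
            self._note(tag, named.get("value"))
            return  # dropped: a safe <param> is injected after every <object>
        self._emit(tag, attrs, close)
        if tag == "object":
            self._emit("param", [("name", "allowScriptAccess"), ("value", FORCED)])

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs, close=" /")
    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is re-escaped on output

def harden(markup):
    parser = FlashEmbedHardener()
    parser.feed(markup)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out), parser.findings

# Constructed sample input, modelled on the embed described in the post.
SAMPLE = ('<p>Wish You Were Here</p><embed src="http://media.example/video.swf" '
          'type="application/x-shockwave-flash" AllowScriptAccess="always">')
```

harden(SAMPLE) returns the rewritten markup together with a list of the settings it overrode, which can be logged to spot submissions that asked for script access.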
