Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Fun Ideas for a MySpace Worm
Posted by: Spikeman
Date: January 16, 2007 11:29PM

Post your ideas for funny things a MySpace Worm might do. Here are some of mine:

1) Make it post nasty comments on Tom's profile if they are his friend. (Goatse)
2) Make it delete Tom from their friends (wouldn't it be great to see Tom's friend count just cut in half?)
3) Change their locale to some strange language

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: WhiteAcid
Date: January 17, 2007 01:15AM

I've always thought more interesting things are things such as logging the number of users, the time it took to infect people and various stats about that user such as browser, OS, password length and password character set.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: bubbles
Date: January 17, 2007 07:28AM

So you'd build the "Research Worm"? :)

I would probably include that JS that crashes IE, put it in everyones about me ( did they fix it in IE7? )

-bubbles
http://webmastertutorials.net

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: eyeced
Date: January 17, 2007 04:03PM

I was looking into automatically deleting tom from peoples friends list, tried throwing some ideas together its in the CSRF section if anyone wants to comment/build on it.

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: maluc
Date: January 17, 2007 05:59PM

The Anti-Privacy addition.. that makes all private myspaces as public viewable. perhaps also needing to change the ages of people under 14 to 99 due to the online predator protections. (Or alternatively, making all public profiles private)

If they stay public for a couple days, google will cache them and that snapshot will be viewable indefinitely i believe - or atleast much longer.

Additionally, post all their private messages to a PasteBin and add that as a link on their page. This won't make you any friends though..

-maluc

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: eyeced
Date: January 17, 2007 06:52PM

Lol, the last one is the best. I think once a few more ideas start flying in we should make a research 'worm' or maybe not even a replicating piece of code, just something educational. This post has had me thinking all day about different ways and code by which to implement some of this, i've threw as much as i could together, but its really sloppy and sketchy at the moment.

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: Spikeman
Date: January 17, 2007 10:59PM

I actually tried throwing a worm together, but I couldn't get any vectors to work in IE.. turns out the vector I posted in the other thread crashes IE6 (I don't know about IE7), while in theory, it should work. Anyways, it's important for it to work in IE because I'm sure almost everyone on MySpace uses it.

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: maluc
Date: January 17, 2007 11:46PM

i'd suggest coding it in both IE and firefox one line at a time then - and checking fuctionality. trying to get it working fully in one first then porting, will give you white hairs .. there's just too many nuances to keep track of.

There's really not too many differences in their javascript engines though .. aside from defining XHR objects, the way they handle 'defer' and extra functions/attributes that IE supports. IE's is mostly a superset of firefox's. But CSS differences give me nightmares..

I may code one this weekend to be as advanced and feature rich as possible (hopefully expect polymorphism) .. just to further worm research. But i doubt i'll execute it, merely post

hopefully the same rules about gun manufacturing are applicable to worm writing - in that the maker is not liable for it's use. ^^

-maluc

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: lpilorz
Date: January 18, 2007 07:27AM

Another idea for a worm: logic bomb - make it replicate quietly, and only run the malicious payload after given date. Probably would get caught earlier, but it could be an interesting experiment.

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: SystemOfAHack
Date: January 18, 2007 09:49AM

Hah, I was thinking that the other day. It's a good idea, however, with how much punishment MySpace is getting at the minute I'm sure the designers are checking random profiles' code now and then... I imagine it would still spread around quite a bit before running the payload though ;p

Options: ReplyQuote
Re: Fun Ideas for a MySpace Worm
Posted by: Spikeman
Date: January 19, 2007 01:45AM

Especially a polymorphic worm. It'd be hard to filter that. Especially if you updated the source code everytime they put a crappy fix for one exploit, because they won't update everyone's profile, think of the load on the server that would cause.

Options: ReplyQuote


Sorry, only registered users may post in this forum.