Flash-based Social Networking Worm Rampages On Livejournal


Steals email addresses and lowers privacy

by Lucian Constantin

24th of September 2009

Users of the LiveJournal blogging platform were the target of a malicious attack on Tuesday, when a social networking worm that spread by simply viewing an infected post was released on the website. The malware stole email addresses and made private blog entries accessible to everyone.

The LiveJournal staff has posted a detailed announcement describing the attack, which is said to have lasted less than two hours. As a result, the ability to embed video files into blog entries was suspended, but it has since been restored for a few trusted services such as YouTube.

The social networking worm propagated through an embedded Flash video that used the allowScriptAccess parameter to trigger a cross-site scripting condition. According to Adobe, "When AllowScriptAccess is 'always,' the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page."

When a visitor viewed an already infected post, the exploit compromised the visitor's account by adding the malicious code to their latest entry, resetting its icon and metadata, and setting its security to public so that it could be viewed by everyone. Additionally, the email address registered with the account was recorded and possibly uploaded to a third-party server.

read more details at Softpedia - http://news.softpedia.com/news/Flash-Based...al-122569.shtml
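
A sketch of the server-side control the article points to (embeds only from trusted hosts, and never with script access to the page), added here as an example; it is not LiveJournal's code and not part of the original article. It handles `<embed>` elements and `allowScriptAccess` `<param>` children only. The allowlist `TRUSTED_HOSTS`, the names `is_trusted`, `EmbedSanitizer` and `sanitize`, and the sample post are all constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.youtube.com"}  # assumption: the site's embed allowlist

def is_trusted(src):
    try:  # only http(s) URLs whose host is on the allowlist pass
        url = urlparse(src or "")
        return url.scheme in ("http", "https") and url.hostname in TRUSTED_HOSTS
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False

class EmbedSanitizer(HTMLParser):
    """Re-serialise user HTML so no embedded SWF can script the page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # the parser has already lower-cased the names
        if tag == "embed":
            if not is_trusted(attrs.get("src")):
                return  # untrusted player: drop the element
            attrs["allowscriptaccess"] = "never"  # override the posted value
        elif tag == "param" and (attrs.get("name") or "").lower() == "allowscriptaccess":
            attrs["value"] = "never"
        rendered = "".join(f' {k}="{escape(v or "", quote=True)}"' for k, v in attrs.items())
        self.out.append(f"<{tag}{rendered}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # "<x/>": emit no separate end tag

    def handle_endtag(self, tag):
        if tag != "embed":  # <embed> is a void element, it has no end tag
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(html_text):
    parser = EmbedSanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample: one untrusted player, one from an allowlisted host.
SAMPLE = ('<p>hi</p><embed src="http://attacker.example/w.swf" allowScriptAccess="always">'
          '<embed src="http://www.youtube.com/v/abc" allowScriptAccess="always">')
```

Because the output is rebuilt from the parsed attributes instead of patched in place, the value that was checked is the value that is emitted, including when an attribute is repeated.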
