The Null Device

A user of the social-network site MySpace has found a novel way of making lots of friends: by inserting a piece of JavaScript code into his page which caused all viewers to friend him:

The next step was to simply instruct the Web browser to load a MySpace URL that would automatically invite Samy as a friend, and later add him as a "hero" to the visitor's own profile page. To do this without a user's knowledge, the code utilized XMLHTTPRequest - a JavaScript object used in AJAX, or Web 2.0, applications such as Google Maps.

Taking the hack even further, Samy realized that he could simply insert the entire script into the visiting user's profile, creating a replicating worm. "So if 5 people viewed my profile, that's 5 new friends. If 5 people viewed each of their profiles, that's 25 more new friends," Samy explained.

(via /.) ¶ hacks making friends myspace risks security social software worms 1

Windows worm infects teller machines, in the first documented incidence of the sort. The Windows XP-based ATMs were made by Diebold (of dodgy voting-machine fame), connected to standard TCP/IP-based networks, and have been replacing legacy OS/2-based machines on proprietary networks.

¶ atm security windows worms 0

Another resourceful criminal use of the countless thousands of virussed Windows machines on the internet: online protection rackets, where the "businessmen" (predominantly from Eastern Europe) target a high-profile website and threaten to knock them offline with a massive DDOS attack unless they pay up. Online casinos (which make a lot of money and are in poorly-policed areas) are a popular target.

Most of the computers used are broadband-connected home Windows PCs owned by clueless people, of whom there is, sadly, no shortage; and it doesn't look like the problem is going to go away, at least not until a totalitarian "trusted computing" regime is imposed on the internet at the IP level, or something equally drastic happens. Which makes me wonder whether or not Microsoft are deliberately allowing viruses to flourish on their OS as to drive people into the highly profitable embrace of Big Brother.

¶ botnets crime ddos russian mafia security viruses windows worms 1

H4x0r group claims to have written universal P2P infector, commissioned by the RIAA. The alleged worm infects MP3 files, exploits vulnerabilities in players under Windows and Linux and sends catalogues of your MP3s to the RIAA as evidence for prosecution. Oh, and did I mention that it's undetectable? So, if you have MP3s, physically destroy your hard disks NOW. (Don't just erase them; computer forensics people can recover wiped disks.) US federal prisons are not pleasant places to be.

(If the RIAA is involved, it'd be more likely that it would be a psychological warfare operation and not a technical operation; the purpose being to destroy as many unrestricted MP3s as possible. It would work like this: circulate a few things like this, stage some arrests (make sure there are TV crews to film the SWAT teams going in) and publicise that the "pirates" were brought to justice by a new P2P worm, and watch guilty geeks nuke their MP3 collections and drop their hard disks in sulphuric acid. Then, when the smoke clears, sell all the songs back to them in rights-managed pay-per-play versions, and laugh all the way to the shareholders' meeting. Could the RIAA possibly have a better way of getting all those pesky MP3 files off the market?)

(Of course, there's also the possibility that it's 100% bullshit made up by some bored teenager.) (via bOING bOING)

¶ mp3 p2p riaa worms 3

Viral marketing: Windows email worm links to porn sites, sends itself to victim's contacts. (CNN)

¶ malware spam windows worms 0