Worm That Exploits your Friendship
Symantec Security Response has found a new threat that spreads through Renren.com, which is a very popular Social Networking Site in China ala Facebook. The threat comes in a form of a Flash video, which pretends to be a famous Pink Floyd promotional video clip "Wish you were here."
Viewing the Flash video results in concealed JavaScript being executed while the video is playing.
The video is hosted on a legitimate site. The threat exploits an authentication cookie of a currently logged-in user in order to send out the same link (for the Flash file) to users on the Friends list.
We detect this malicious XSS threat as Js.Frienren.
About Security Response Blog
Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:
Recently on Twitter
- You can find Symantec’s blog post on MSFT’s February #PatchTuesday updates here: http://t.co/kuRYUH5023 hours 27 min ago
- MSFT patches six critical vulnerabilities: http://t.co/bhNCCM8h14 Feb 2012
- Revamped Fake #Android Market for SMS Fraud http://t.co/mlrosRUH #malware10 Feb 2012
- Is Waledac spam dirtying the Russian 2012 elections? http://t.co/6gWaIyq610 Feb 2012
- Trojan.Activehijack found in the wild using a known #Office #vulnerability. http://t.co/7L8Xszwr09 Feb 2012