Samy (computer worm)
Samy (also known as JS.Spacehero) is the first cross-site scripting (XSS) worm ever developed and was designed to propagate across the MySpace social-networking site. At the time of its release, it gained significant media attention.
Samy Kamkar, the author of the worm, was raided in 2006 by the United States Secret Service and the Electronic Crimes Task Force (expanded under the USA PATRIOT Act) for releasing the worm. He entered a plea agreement on January 31, 2007 to a felony charge. The action resulted in Kamkar being sentenced to three years' probation without computer use, 90 days of community service, and an undisclosed amount of restitution.
The worm carried a payload that would display the string "but most of all, Samy is my hero" on a victim's profile. When a user viewed that profile, the payload would be planted on their own page. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload, making Samy the fastest-spreading virus of all time.
Execution of the payload resulted in a "friend request" automatically being made to the worm's author and in messages containing the payload being left on the profiles of the victim's friends. MySpace has secured its site against the vulnerability that allowed the attack; however, the phrase "Samy is my hero" remains in hundreds of thousands of MySpace profiles.