XSS Virus Hits Reddit
Security researchers have reported that a variant of the XSS virus spread to users' computers through postings made to the social news service Reddit, apparently emerging from the account of a user named xssfinder.
Narrating his experience on the programming forum of Reddit, a user said that when he clicked the submission link, all the comment reply boxes suddenly started filling with spam and submitting. However, he was able to exit from the page by pressing Escape. He then accessed his 'overview' only to find that it had by then submitted 30 replies, internetnews.com reported on September 28, 2009.
Clearly, the script generated a number of spam comments that were submitted repeatedly, an act called a "comment bomb", so that the site would come to an unexpected halt.
Ultimately, Jeremy Edberg, senior product developer at Reddit, elaborated that the miscreant behind the XSS actually exploited two security flaws to spread the infection, one of which could be abused by adding an MD5 hash function to each comment's end. SC Magazine reported this on September 28, 2009.
Meanwhile, exploiting flaws within widely used social media programs, as in Reddit's case, is nothing new. In 2008, the Koobface virus struck Facebook, with fresh variants continuously emerging during this summer. Similarly, spammers are increasingly attacking Twitter through multiple accounts that maliciously dispatch phishing links.
» SPAMfighter News - 19-10-2009