First of all I need to let you know that it is not within our practice to disclose vulnerabilities on specific online applications. However, given the fact that Pownce, the vendor, was responsibly informed and the fact that we believe that the issue is interesting enough to be discussed, we’ve decided to let you know about our findings. [...]
Yep, Orkut, Google’s Social Network, was hit by a XSS worm, the source of which you will be able to find at the bottom of this post. To be honest with you, it was about time. The trend for infecting social networks with Web2.0 malware will continue to increase during the following years. This is for sure! The simple fact is that social networks collect a lot of personal information which attackers can easily harvest for their own benefit. [...]
WormX is a collection of various notorious web worms mostly written on the top of popular client-side technologies and propagating primarily on social networking web sites.
For those of you who do not know what ajax worms are, here is a bit of Internet history:
If you want to submit a worm, we are going to need the following information:
Worm name – It must be enclosed inside <h3>[atom name here]</h3> tags. [...]