Samy (also known as JS.Spacehero) is a

cross-site scripting Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be ...

worm Worms are many different distantly related bilateria, bilateral animals that typically have a long cylindrical tube-like body, no limb (anatomy), limbs, and usually no eyes. Worms vary in size from microscopic to over in length for marine ...

(

XSS worm An XSS worm, sometimes referred to as a cross site scripting virus, is a malicious (or sometimes non-malicious) payload, usually written in JavaScript, that breaches browser security to propagate among visitors of a website in the attempt to pro ...

) that was designed to propagate across the

social networking site A social networking service (SNS), or social networking site, is a type of online social media platform which people use to build social networks or social relationships with other people who share similar personal or career content, interests ...

MySpace Myspace (formerly stylized as MySpace, currently myspace; and sometimes my␣, with an elongated Whitespace character#Substitute images, open box symbol) is a social networking service based in the United States. Launched on August 1, 2003, it w ...

Samy Kamkar Samy Kamkar (born December 10, 1985) is an American privacy and security researcher, computer hacker and entrepreneur. At the age of 16, he dropped out of high school. One year later, he co-founded Fonality, a unified communications company bas ...

. Within just 20 hours of its October 4, 2005 release, over one million users had run the payload making Samy the fastest-spreading

virus A virus is a submicroscopic infectious agent that replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Viruses are ...

of all time. The worm itself was relatively harmless; it carried a

payload Payload is the object or the entity that is being carried by an aircraft or launch vehicle. Sometimes payload also refers to the carrying capacity of an aircraft or launch vehicle, usually measured in terms of weight. Depending on the nature of t ...

that would display the string "but most of all, samy is my hero" on a victim's MySpace profile page as well as send Samy a friend request. When a user viewed that profile page, the payload would then be replicated and planted on their own profile page continuing the distribution of the worm. MySpace has since secured its site against the vulnerability.

, the author of the worm, was raided by the

United States Secret Service The United States Secret Service (USSS or Secret Service) is a federal law enforcement agency under the Department of Homeland Security tasked with conducting criminal investigations and providing protection to American political leaders, thei ...

and Electronic Crimes Task Force in 2006 for releasing the worm. He entered a

plea agreement A plea bargain, also known as a plea agreement or plea deal, is a legal arrangement in criminal law where the defendant agrees to plead guilty or no contest to a charge in exchange for concessions from the prosecutor. These concessions can include ...

on January 31, 2007, to a

felony A felony is traditionally considered a crime of high seriousness, whereas a misdemeanor is regarded as less serious. The term "felony" originated from English common law (from the French medieval word "''félonie''") to describe an offense that r ...

charge. The action resulted in Kamkar being sentenced to three years'

probation Probation in criminal law is a period of supervision over an offence (law), offender, ordered by the court often in lieu of incarceration. In some jurisdictions, the term ''probation'' applies only to community sentences (alternatives to incar ...

with only one (remotely-monitored) computer and no access to the Internet for life (this provision was later struck off by a judge), 90 days'

community service Community service is unpaid work performed by a person or group of people for the benefit and betterment of their community contributing to a noble cause. In many cases, people doing community service are compensated in other ways, such as gettin ...

, and $15,000–$100,000,000 in restitution, as well as a 20-year suspended prison sentence, as directly reported by Kamkar himself on "Greatest Moments in Hacking History" by

Vice Media Vice Media Group LLC is a Canadian-American digital media and broadcasting company. Vice Media encompasses four main business areas: Vice Studios Group (film and TV production); Vice TV (a joint venture with A&E Networks, also known as Vicelan ...

's video website,

Motherboard A motherboard, also called a mainboard, a system board, a logic board, and informally a mobo (see #Nomenclature, "Nomenclature" section), is the main printed circuit board (PCB) in general-purpose computers and other expandable systems. It ho ...

References

External links

Motherboard S01E03 Greatest Moments In Hacking History: Samy Kamkar Takes Down MyspaceDarknet Diaries - Samy (Episode 61)
{{DEFAULTSORT:Samy (Xss) Computer worms Myspace JavaScript Hacking in the 2000s