Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Recently we’ve encountered a cross-site scripting attack that targeted the Chinese social networking site Renren. Fortunately for users, it was quite harmless as far as these kinds of threats go—but it could have been much, much worse.

    Renren users received messages from their friends with a link that pointed to a video of the Pink Floyd song Wish You Were Here which is detected as SWF_EXECJS.A. When the user clicks the said link it executes SWF_EXECJS.A, which does show legitimate video of the song, as seen below:

    Figure 1. Legitimate video played by XSS attack

    However as the video is shown, SWF_EXECJS.A connects to a URL to execute a script detected as JS_DLOADR.ATJ. JS_DLOADR.ATJ searches for cookies related to Renren and then sends out messages with a link to the same video to everyone on the user’s list of friends. These routine are all done automatically, without any input or consent from the user.

    As it is, the attack was fairly limited, but it could have been much worse. It could have taken a page from KOOBFACE malware and sent out links to malicious sites, for example. Such attacks would be enough to put a truly ironic twist on the video used for this attack. As it is, all it did was annoy some people and embarrass Renren.

    Similar attacks that do little have hit social networking sites before, most notably Orkut, which is owned by Google.

    Both components of this attack are detected by the Smart Protection Network.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice