Propagates on Renren as a Pink Floyd music video

Aug 25, 2009 11:29 GMT

Security researchers warn that a new worm has been spotted on the Chinese social networking website Renren.com. The worm masquerades as a Flash music video of Pink Floyd's "Wish You Were Here" and spreads by exploiting a cross-site scripting hole.

The message has the title "Pink Floyd – Wish You Were Here" and contains a maliciously crafted Flash component loaded with the AllowScriptAccess="always" parameter. According to Adobe, "When AllowScriptAccess is 'always', the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page."

The Flash file is used to execute the JavaScript code present in the message body and to load a script called evil.js from an external domain. As the researchers indicate, that JavaScript exploits a cross-site scripting (XSS) flaw in the website and spreads the worm through the site's own API.
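The setting the worm relies on is visible in the user-submitted markup itself, so a site that lets members embed Flash can audit and rewrite it before rendering. The following is an added example (not code from the article, from Sophos, or from Renren) that scans a post for Flash embeds granting script access and rewrites AllowScriptAccess="always" to "never"; the sample post, the hostname and the SWF filenames are constructed for the demonstration.

```python
"""Audit and neutralise Flash embeds in user-submitted HTML.

Illustrative code added to this article; it is not Renren's or Sophos'
code. It uses only the standard <embed>/<object>/<param> forms of a Flash
embed and Adobe's documented AllowScriptAccess values (always, sameDomain,
never). The sample markup below is constructed.
"""
import re
from html.parser import HTMLParser

# The value that lets a SWF call JavaScript in the hosting page even when the
# SWF is served from another domain. "sameDomain" (Flash Player's default) is
# left alone here; stripping Flash from user content entirely is the stronger
# policy, this rewrite is defence in depth.
PERMISSIVE_VALUES = {"always"}


class FlashEmbedAuditor(HTMLParser):
    """Collects every Flash embed whose AllowScriptAccess setting is permissive."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._object = None  # state of the <object> currently being parsed

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "").strip() for k, v in attrs}
        if tag == "embed":
            self._record(attrs.get("src", ""), attrs.get("allowscriptaccess", "sameDomain"))
        elif tag == "object":
            self._object = {"src": attrs.get("data", ""), "access": "sameDomain"}
        elif tag == "param" and self._object is not None:
            name = attrs.get("name", "").lower()
            if name == "allowscriptaccess":
                self._object["access"] = attrs.get("value", "")
            elif name == "movie" and not self._object["src"]:
                self._object["src"] = attrs.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._object is not None:
            self._record(self._object["src"], self._object["access"])
            self._object = None

    def _record(self, src, access):
        access = access.lower() or "samedomain"
        if access in PERMISSIVE_VALUES:
            self.findings.append({"src": src, "allowscriptaccess": access})


def audit_flash_embeds(html):
    """Return a list of {src, allowscriptaccess} for embeds that may script the page."""
    parser = FlashEmbedAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


# <embed ... AllowScriptAccess="always">  -> attribute rewrite
_ATTR_RE = re.compile(r'(allowscriptaccess\s*=\s*["\']?)(always)(["\']?)', re.I)
# <param name="allowScriptAccess" value="always"> -> rewrite inside the param tag
_PARAM_TAG_RE = re.compile(r"<param\b[^>]*>", re.I)
_PARAM_NAME_RE = re.compile(r'\bname\s*=\s*["\']?allowscriptaccess\b', re.I)
_PARAM_VALUE_RE = re.compile(r'(\bvalue\s*=\s*["\']?)(always)', re.I)


def _fix_param(match):
    tag = match.group(0)
    if _PARAM_NAME_RE.search(tag):
        return _PARAM_VALUE_RE.sub(lambda m: m.group(1) + "never", tag)
    return tag


def neutralize_flash_embeds(html):
    """Rewrite AllowScriptAccess="always" to "never" in embeds and params."""
    html = _ATTR_RE.sub(lambda m: m.group(1) + "never" + m.group(3), html)
    return _PARAM_TAG_RE.sub(_fix_param, html)


# Constructed sample post: one permissive <embed>, one already-safe <object>.
SAMPLE_POST = """
<p>Pink Floyd - Wish You Were Here</p>
<embed src="http://example.com/player.swf" type="application/x-shockwave-flash"
       AllowScriptAccess="always" width="400" height="300">
<object data="http://example.com/other.swf" type="application/x-shockwave-flash">
  <param name="allowScriptAccess" value="never">
</object>
"""

if __name__ == "__main__":
    for finding in audit_flash_embeds(SAMPLE_POST):
        print("permissive embed:", finding)
    print(neutralize_flash_embeds(SAMPLE_POST))
```

Run as a script it reports the `<embed>` with `allowscriptaccess: always` and prints the post with that value rewritten to `never`; a second audit of the rewritten post finds nothing. The parser-based audit and the regex-based rewrite are deliberately separate so the audit can run on its own as a detection rule over stored content.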

Social networking worms have been increasing in number for the past few years, suggesting that these platforms are good hunting grounds for cybercrooks. Boris Lau, a virus researcher at antivirus vendor Sophos, which detects this new threat as W32/Pinkren-A, points out that "this is the same technique used back in 2007 by the Okurt worm."

Renren is a Facebook-like website very successful in China. According to estimates, it has over 40 million registered users and exceeds other global social networking websites in popularity. "One thing that is sometimes forgotten, however, is that it's not just world famous social networking sites which can be exploited by cybercriminals," notes Graham Cluley, senior technology consultant at Sophos.

Such local threats matter to Western users as well, because Chinese computers compromised by worms like these can be joined into large botnets. These armies of zombie computers are then used to send spam and perform distributed denial of service attacks globally.

Another important aspect to consider is that, if they prove successful enough, local malware families like Pinkren eventually get adapted for a broader audience. For example, Koobface, one of the most successful social networking worms, was originally launched on MySpace, but its subsequent versions targeted Facebook, Bebo, Friendster, hi5, Tagged and Twitter.