- Me & Cheater presented a Yahoo Self Spreading Worm with an ALIVE XSS attached to it. Our team was called "Screw Tinkode the Skiddie" and we are part of the Romanian Security Team ( rstcenter.com ). We found the XSS hole in the first day of OpenHack ( 10 minutes to find it, 6 hours to craft the injection for filter evasion ) and took us 15 hours to develop the worm. The worm was self spreading via instant messaging on Yahoo Messenger. The contacts were reciving IMs with a link appended to them; if they had opened the malicious web page their cookies had have been stolen and given to the worm. Having new victims, the worm uses their cookies to spread more IMs with malicious content. Besides the automated process, we also had a control panel with the following functions ( all based on cookie authentication and manipulation, no password required ) :
- - list all the victims by their Yahoo IDs
- - log in on a victim's email account
- - fetch a victim's contact list
- - mass send a message to all of a victim's contacts
- I didn't have enough time to present the control panel due to weak internet signal.
- After my incomplete short presentation of the full potential of the worm, in the break between the software and hardware presentation, the Yahoo Jury ( formed by big shot guys ) had a little talk with me and Cheater ;).
- pax, 2011.
RAW Paste Data