Friday, February 02, 2007

MySpace superworm creator sentenced to probation, community service
Hacking MySpace


Dan Kaplan Feb 1 2007 19:33

The man responsible for unleashing what is believed to be the first self-propagating cross-site scripting worm has pleaded guilty in Los Angeles Superior Court to charges stemming from his most infamous hacking.

Samy Kamkar, who was 19 when he unleashed the attack on MySpace.com in October 2005, was sentenced to three years of probation and ordered to perform 90 days of community service, according to a MySpace statement released Wednesday.

Kamkar also must pay an undisclosed amount of restitution to MySpace, and he is banned from accessing the internet for personal reasons for an unknown amount of time, according to the statement.

Kamkar, using a programming technique known as Asynchronous JavaScript and XML(AJAX) that permitted browsers to execute malicious code, was able to circumvent MySpace’s strong JavaScript filters.

The infection spread like wildfire, adding one million "friends" to Kamkar’s profile within several hours, in addition to placing the string "but most of all, Samy is my hero" on each of his victims’ profiles.

MySpace filed a lawsuit against Kamkar, one of a slew of civil actions the company is taking against criminals who exploit the site’s tens of millions of users.

"MySpace is committed to protecting our community from any abusive misuse of the site," the company said in the statement.

Kamkar could not be reached for comment today.