Sites such as MySpace and YouTube must allow users to upload their own images, text, video, and even JavaScript to create dynamic profile pages–turning the conventional security wisdom on its head.So by cross-site scripting (XSS) attacks a dangerous question is evolved amung these sites.

Two visuses found in Myspaces are “samy my hero” & “quickSpace”

Working of “samy My hero” virus>I think anyone of user uploded infected nifty JavaScript virus that spread like a contagious disease & more than 1 million users were infected with Samy. It added someone named Samy to the user’s friends column and appended the phrase “Samy is my hero” to the infected user’s profie with a link so anyone click he will also get infected.The Samy virus used XSS to jump through the different domains used to authenticate and publish profile pages by MySpace.

Working of QuickSpace Virus>
This Virus(quickspace)exploited a feature called HREF within Apple QuickTime.The basic working of “quickspace” is that once clicked it executes various functions . HREF within QuickTime has legitimate uses, but in this case, it sent users to well-crafted phishing sites that resembled MySpace login pages.ie it will trap some of your login information.Moreover even if you didn’t click the video, the links on the infected profile page might have seduced some users into offering their MySpace login information to a third party by mistake.it may be used for adds or thgis may be a prepration for dangeraus attacks by the criminal hackers.

Labels: Information