Using a self-propagating worm that exploits a scripting vulnerability common to most dynamic Web sites, a Los Angeles teenager made himself the most popular member of community Web site MySpace.com earlier this month. While the attack caused little damage, the technique could be used to destroy Web site data or steal private information--even from enterprise users behind protected networks, according to an Internet security firm.
The unknown 19-year-old, who used the name "Samy," put a small bit of code in his user profile on MySpace, a 32-million member site, most of whom are under age 30. Whenever Samy"s profile was viewed, the code was executed in the background, adding Samy to the viewer"s list of friends and writing at the bottom of their profile, "... and Samy is my hero."