$this->articleCE->primaryUrlById(3841246) = /security/article.php/3841246/Reddit+Snuffs+Out+XSS+Worm.htm
Reddit Snuffs Out XSS Worm - InternetNews.
RealTime IT News

Reddit Snuffs Out XSS Worm

Social news service Reddit is in the process of recovering from a worm that pummeled the site with malicious comments.

The cross-site scripting (XSS) worm emanated from the account of a user with the handle "xssfinder," who discovered that Reddit wasn't consistently filtering out JavaScript when a user moused over a link.

Xssfinder developed a malicious script, and tested it out by posting a link to a popular story, "Guy on a bike in New York 'high fives' people hailing cabs," according to analysts at the security firm F-Secure.

"After this, things happened quickly," they wrote in a blog post explaining the attack.

The "proof-of-concept" scripts xssfinder posted snowballed into a torrent of comments to various Reddit threads emanating from users who read the original comment.

In a thread in Reddit's programming forum, a user explained the experience.

"I went to this submission link ... and all of a sudden every comments reply window was spamming ... and submitting. I pressed escape as fast as I could and backed out of the page. I went to my overview and it had already submitted 30 replies."

In response, Reddit's administrators closed xssfinder's account, and have begun the process of deleting the massive number of malicious comments propagated by the worm.

F-Secure said that Reddit's site never went down during the worm attack.

The attack on Reddit is only the latest instance of hackers exploiting vulnerabilities in popular social media applications. In April, for instance, the white-hot microblogging service Twitter was hit with several variations of another XSS attack. The self-replicating string of code flooded the community with thousands of spam tweets by infiltrating the accounts of unsuspecting users, though Twitter officials said that no personal information had been compromised.

Facebook has encountered its own share of security threats. Taken in sum, the continued barrage of exploits against the sites has given some enterprise IT managers pause before welcoming social media applications behind the firewall.

A spokeswoman for Reddit did not immediately respond to a request for comment on today's worm.