June 29, 2011

XSS Attack on Sina MicroBlog

Ulysses Wang

If you have not heard of Sina Weibo in China, you are behind the times. Sina Weibo is the most popular microblog service in China, with more than 100 million registered customers. Just yesterday (28 June), Sina Weibo was attacked through an XSS exploit: more than 30,000 high profile customers were affected and sent out messages containing a malicious link.  Sina provided a quick response, within two hours, to stop this campaign. Websense customers are protected from this attack by ACE, our Advanced Classification Engine.

Here is a snapshot of a message with a malicious link posted by a high-profile customer. The content of the message is related to some hot topic or film star in China to lure the followers to click on the link. 


Followers who click the malicious link are redirected to a page hosted on "weibo.com/pub/star", which contains an XSS exploit to allow the execution of malicious JavaScript from www.2kt.cn. 


The malicious JavaScript code could post messages on the follower's microblog account, add a follow to a suspicious account, and send a personal message to his followers. Until now, the campaign has just spread itself with no other malicious intention. Interestingly, the suspicious account which affected customers was named "hellosamy", showing some respect to the world's first XSS worm "Samy", which spread on MySpace in 2005.


Although no malicious software was installed in this campaign, Websense reminds customers to do a simple check before you click on any suspicious URL, even it comes from your best friends.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.