A friend of mine has told me about this website so I take a look at it and i was impressed to see thousands of free live webcam with any sorts of sex perversions (sounds like a piece of paradise or hell depends from the points of view). Therefore i start thinking about security and, after 10 minutes, i found a critical flaw in the user profile.
In fact every user has a profile questionary that will be showed always below the webcam also during the show. The questionary inputs are NOT well filtered so i thought to use a xss as vector for the worm.
This basic worm just rewrite the victim questionary to propagate itself. As you can see, in the highlighted line, i’ve put and image with the onmouseover function in order to emulate the submit button, so when the victim move the mouse pointer over the pic the game is done and the user is infected.
These threats have a massive propagation because the infection is exponential. Usually a camshow is approximately viewed by 1000 users or so and, as the Law of large numbers teaches us, someone will pass their mouse on the “viral” image and will be infected and the story begins again but now we’ve more than one user infected that could spread the worm, in this way all the catchment area will be saturated in a few days as we already saw with twitter, myspace etc.