Type Web worm
Creator Samy Kamkar
Date Discovered 2005.10.04
Place of Origin Los Angeles, California, USA
Source Language Javascript
Platform AJAX
File Type(s)
Infection Length
Reported Costs

Spacehero also known as Samy is a Javascript worm that infects Myspace pages. It gave its creator over a million friends one day in the fall of 2004.


When a logged in Myspace user visits an infected page, Spacehero adds itself to the list ot "heroes" in the interests section of the user's page. The worm uses multiple GET and POST commands to work around the Myspace requirement that the user approve the friend request and to add Samy as a hero. It adds the phrase, "but most of all, samy is my hero". When the infected user visits another user's page, it will infect that page. Any user who views this infected page while logged in to Myspace will have their page infected.

The worm does not exploit any vulnerabilities in Myspace, and the creator has said Myspace had actually done a good job in preventing malicious code from spreading through its site. The problem was in the way some browsers executed JavaScript when they should not have. This problem goes across operating systems and Browsers. The worm works on Internet Explorer for Windows and MacOS and Safari.


Samy gained over one million "friends" on Myspace. He gained only 200 friends in the first 8 hours. It was up to 2,000 only a few hours later, and 200,000 in the next few hours. Samy says he knew there was going to be trouble by this time, and went out to a Chipotle for a burrito and to enjoy what he thought might be his last hours of freedom. When he returned home it had given him 1,000,000 friends. Samy never received any contact from Myspace, though he did get hundreds of thousands of emails from the automatic emails coming from myspace for each "friend" request.

Samy believes that the ability to customize one's Myspace page to a great extent (including using yellow on blue layouts) has done more damage to Myspace than his worm. For some time sold t-shirts with "Samy is my hero" on them.


Samy Kamkar was a 19 year old highschool dropout when he coded the Spacehero worm. He dropped out of highschool and was emancipated from his parents when he was 16. From that time, he taught himself how to program. Samy had never created a virus or worm before this and the most malicious thing he had done was make a ham radio that he used to transmit a funny message over a weather report. The idea for the worm came to Samy while he was trying to do something new on Myspace. After a week of working for an hour or two a day, he came up with the worm.

He pleaded guilty to charges related to the worm. He was sentenced to three years of probation and 90 days of community service. Samy was also required to pay an undisclosed amount to Myspace as restitution.

Other Facts

Encyclopedia Dramatica has a satirical entry on Samy, portraying him as a friendless loser still living with his parents in their basement. This is quite far from the truth, given he was emancipated from his parents and found employment at 16. The entry contains a link to the source code, also on Encyclopedia Dramatica.


Sophos, JS/Spacehero-A.

Blogoscoped, Samy, Their Hero. 2005.10.14

Dan Kaplan. Secure Computing Magazine, MySpace superworm creator sentenced to probation, community service. 2007.02.01

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 License