中国のSNSでクロスサイトスクリプティングを利用したマルウエアな攻撃が出ているそうです。

Recently we’ve encountered a cross-site scripting attack that targeted the Chinese social networking site Renren. Fortunately for users, it was quite harmless as far as these kinds of threats go but it could have been much, much worse.

Renren users received messages from their friends with a link that pointed to a video of the Pink Floyd song Wish You Were Here which is detected as SWF_EXECJS.A. When the user clicks the said link it executes SWF_EXECJS.A, which does show legitimate video of the song, as seen below:

XSS Attack Targets Chinese Social Networking Site - TrendLabs Security Intelligence Blog