Thursday, July 19, 2007

Into The World Of XSS Worms

Rahul Mohandas writes on the McAfee Avert Labs Blog:

XSS worms are becoming more and more sophisticated. Lately there’s been a lot of attention on this POC worm which goes by the name Nduja. The worm spreads by exploiting cross-site scripting vulnerabilities in 4 leading webmail providers.

The life cycle of Nduja worm is similar to a classic e-mail worm and is capable of:

  1. Harvest e-mails present in the Inbox.
  2. Collecting the contacts email addresses from address book.
  3. Self Propagate to the contacts.

Recent advancement towards this side is the creation of a hybrid worm which involves client side and server side component. The technology uses XSS tunneling. Portcullis Computer Security have published a whitepaper [.pdf] describing in detail about XSS tunneling.

More here.


Post a Comment

<< Home