« May 2007 | Main | March 2008 »

Writing A Modular Universal XSS Worm

With the recent Orkit worm, and a few MySpace worms, web/XSS worms are a very interesting topic. Here's someone's attempt on the Ph4nt0m group discussion site who is trying to create a sustainable, growable XSS worm. It seems that the use of a centralized JS source file could be it's Achilles heel, however.

The biggest issue regarding webapplication worms isn't about the worm size, but about the hole to let it propagate. With remote Javascript files we can go any place and any size we want to. The only trigger we need is a simple instance to let it become part of the website and it's DOM. We only have to call the remote Javascript file each time, and we can adjust or modify the payload of the worm at any time.

Source: Writing A Modular Universal XSS Worm, Google Groups | Ph4nt0m.

January 27, 2008 in malware , new worms | Permalink | Comments (60)
Tell others: digg submit del.icio.us this

VB2008 call for papers

The Virus Bulletin conference is coming up later this year, but the call for papers closing is only a month and a half away. VB is a nice, fun conference where a lot of top - and rising - AV and malware researchers meet up. There's a growing number of researchers in the field, so getting your research in front of the right people is always a good thing.

I'll skip the long - and interesting - list of topics the conference warmly accepts. About the conference:

Virus Bulletin is seeking submissions from those wishing to present papers at VB2008, which will take place 1-3 October 2008 at the Westin Ottawa, Canada.

To submit a proposal authors should:

  • send an abstract of approximately 200 words outlining the proposed paper to editor@virusbtn.com       
  • include full contact details with each submission    
  • indicate whether the paper is intended for the technical or corporate stream     

    • Note: deadline for submissions 7 March 2008

Submissions received later than 7 March 2008 will not be considered.

Authors are advised that, should their paper be selected for the conference programme, the deadline for submission of the completed papers will be Monday 9 June 2008, and that they must be available to present their papers in Ottawa between 1 and 3 October 2008.

I don't know if I'll be submitting anything or if I'll be attending, although I would like to. I hope many of you consider submitting research works there, however.

January 25, 2008 in events, papers | Permalink | Comments (96)
Tell others: digg submit del.icio.us this

LEET '08 Call for Papers

The First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '08) has a CFP that closes soon. From the CFP:
Overview As the Internet has become a universal mechanism for commerce and communication, it has also become an attractive medium for online criminal enterprise. Today, widespread vulnerabilities in both software and user behavior allow miscreants to compromise millions of hosts (worms, viruses, drive-by exploits, etc.), conceal their activities with sophisticated system software (rootkits), and manage these resources via a distributed command and control framework (botnets). This platform in turn provides economics of scale for a wide range of criminal activities including spam, phishing, DDoS, click fraud, and so on.

Topics LEET has evolved from the combination of two other successful workshops, the ACM Workshop on Recurring Malcode (WORM) and the USENIX Workshop on Hot Topics in Understanding Botnets (HotBots), which have each dealt with aspects of this problem. However, while papers relating to both worms and botnets are explicitly solicited, LEET has a broader charter than its predecessors. We encourage submissions of papers that focus on any aspect of the underlying mechanisms used to compromise and control hosts, the large-scale "applications" being perpetrated upon this framework, or the social and economic networks driving these threats.

Source: LEET '08 Call for Papers. Topics for the workshop for readers here include: Infection vectors for malware (worms, viruses, etc.), Boutique and targeted malware, and Reverse engineering.

Important dates:

  • Submissions due: February 11, 2008, 11:59 p.m. EST
  • Notification of acceptance: March 24, 2008
  • Final papers due: April 4, 2008
I don't know if I'll be submitting anything ...

January 5, 2008 in events, papers | Permalink | Comments (5)
Tell others: digg submit del.icio.us this

Diminutive XSS Worm Replication Contest

A friend pointed this out to me. Evidently the Sla.ckers.org website is hosting a "Diminutive XSS Worm Replication Contest". Their mission: to see who an write a new XSS worm (like the MySpace one, the recent Orkut one, etc).

The goal of the contest is to have a functional web worm in as small a package as possible. From the website:

Okay folks, new small challenge - no prize, just an exercise in programming skill and because I want to see the results. After reading over the XSS worm thread I got to thinking. We haven't, to my knowledge, ever had a diminutive worm writing contest. We've done it for JS injection and for pulling in remote JS but not for worms. You can submit your code to this thread directly (I'd prefer it actually so that others can benefit from what you've done). If that's for some reason not acceptable sent me your code directly and we can figure something out. Either way the winner's code must be posted in this thread. Actual cutoff to submit is Thursday the 10th of January at 7PM GMT.
Source: Diminutive XSS Worm Replication Contest, from the sla.ckers.org forums.

January 5, 2008 in malware , new trends, new worms | Permalink | Comments (12)
Tell others: digg submit del.icio.us this