« VB2008 call for papers | Main | Facebook Worm? »
Writing A Modular Universal XSS Worm
With the recent Orkit worm, and a few MySpace worms, web/XSS worms are a very interesting topic. Here's someone's attempt on the Ph4nt0m group discussion site who is trying to create a sustainable, growable XSS worm. It seems that the use of a centralized JS source file could be it's Achilles heel, however.
The biggest issue regarding webapplication worms isn't about the worm size, but about the hole to let it propagate. With remote Javascript files we can go any place and any size we want to. The only trigger we need is a simple instance to let it become part of the website and it's DOM. We only have to call the remote Javascript file each time, and we can adjust or modify the payload of the worm at any time.
Source: Writing A Modular Universal XSS Worm, Google Groups | Ph4nt0m.
January 27, 2008 in malware , new worms | Permalink
Tell others: digg submit
|
del.icio.us this
|
Reddit
Comments
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
Sarah
http://www.clpostingguide.info
Posted by: Sarah | Apr 10, 2009 8:52:36 AM
Keeping it running sufficiently.
When I first got my computer I didn’t realize how important having antispyware was to keeping it running sufficiently. However, it didn’t take very long for it to become perfectly clear. If you don’t have a good scan you will have many problems that could be avoided so easily. Search-and-destroy Antispyware is a great option when it comes to scanning for bugs that will help you keep your computer running at its peak efficiency. The antispyware solution from Search-and-destroy which you will find at http://www.Search-and-destroy.com will help give your PC the protection it needs to keep it in good working condition.
Posted by: Rubena | Apr 25, 2009 5:26:31 AM
great post thanks
Posted by: Total Cleanse | May 16, 2009 4:31:11 PM
Most of this stuff is over my head; but you explain it as understandable as possible! Thanks!
Posted by: Worm Farms | May 22, 2009 11:42:35 AM
nice...
but can anyone tell me the basics of hacking..
i am interested in hacking ...
but i donot know hw to do that..
can anyone help me?
----LIPSREADER----
Posted by: lipsreader | Aug 5, 2009 9:38:42 AM
nice...
but can anyone tell me the basics of hacking..
i am interested in hacking ...
but i donot know hw to do that..
can anyone help me?
----LIPSREADER----
Posted by: lipsreader | Aug 5, 2009 9:38:44 AM
nice...
but can anyone tell me the basics of hacking..
i am interested in hacking ...
but i donot know hw to do that..
can anyone help me?
----LIPSREADER----
Posted by: lipsreader | Aug 5, 2009 9:38:45 AM
Very informative and interesting blog. keep up the good work.
Posted by: SEO Cost | Jan 3, 2010 11:34:36 PM
