
Writing A Modular Universal XSS Worm

With the recent Orkut worm and a few MySpace worms, web/XSS worms are a very interesting topic. Here's an attempt, posted on the Ph4nt0m group discussion site, to create a sustainable, growable XSS worm. It seems, however, that the use of a centralized JS source file could be its Achilles heel.

The biggest issue regarding web application worms isn't about the worm size, but about the hole to let it propagate. With remote JavaScript files we can go any place and any size we want to. The only trigger we need is a simple instance to let it become part of the website and its DOM. We only have to call the remote JavaScript file each time, and we can adjust or modify the payload of the worm at any time.

Source: Writing A Modular Universal XSS Worm, Google Groups | Ph4nt0m.
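
The dependence on one centrally hosted script is what a Content-Security-Policy script-src restriction cuts off. The following is an added example, not code from this post or from the Ph4nt0m thread: a simplified policy evaluator that reports whether a page would be allowed to load a script from a given URL. All hostnames are constructed placeholders, and nonces, hashes, paths and ports are not modeled.

```javascript
// Simplified CSP script-src evaluation (added example, constructed hostnames).
function scriptSources(policy) {
  // Parse "name v1 v2; name v1" into directive -> source list (first one wins).
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  // script-src falls back to default-src; null means no restriction at all.
  return directives.get('script-src') ?? directives.get('default-src') ?? null;
}

function hostMatches(pattern, host) {
  // "*.example" covers subdomains only, not the bare domain.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function allowsScript(policy, pageOrigin, scriptUrl) {
  const sources = scriptSources(policy);
  if (sources === null) return true; // no policy: any remote script loads
  const target = new URL(scriptUrl, pageOrigin);
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'none'") return false;
    if (s === "'self'") return target.origin === new URL(pageOrigin).origin;
    if (s === '*') return /^https?:$/.test(target.protocol);
    if (s.startsWith("'")) return false; // nonce/hash/keywords not modeled
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s; // e.g. https:
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/);
    if (!m) return false;
    if (m[1] && target.protocol !== m[1] + ':') return false;
    return hostMatches(m[2], target.hostname); // scheme-less host: any scheme (simplification)
  });
}
```

A policy such as `script-src https:` or `script-src *` still passes the third-party URL, so only an explicit allowlist (or `'self'`) removes the remote-update channel the quoted paragraph relies on.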

January 27, 2008 in malware, new worms
