Friday November 21, 2008 2:11 AM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Web > Warning on web 'super worm'

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Summary for November 2008
MS08-069 – Critical: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218) - Version:1.0

CERT/CC

Latest Comments

"Hi this is the mail I received Brett Karpman show details Nov 17 (3 days ago) Reply Atten..."

on Yahoo and Microsoft take aim at lottery scams

by Rodney Churchyard | Nov 20, 2008 6:13 PM

"security through obscurity...shows how detached HIPAA is from reality."

on Privacy breaches causing business instability

by priceOfFishInChina | Nov 20, 2008 1:19 PM

"Umm. no. The 6.5 product is mounting the offline VM image and performing a scan for patch ..."

on Shavlik Technologies to broaden its patch management offerings

by eric | Nov 20, 2008 8:15 AM

"it's great i tried it"

on McAfee offers free trial of security appliance

by divyacharan | Nov 20, 2008 12:24 AM

"I actually love the RoboForm software myself. I use it all of the time and it takes all of the ..."

on Siber Systems RoboForm Enterprise

by Omarra Byrd | Nov 18, 2008 8:19 AM

Web

Warning on web 'super worm'

By Iain Thomson
Oct 4, 2007 10:03 AM
Tags: Warning | on | web | 'super | worm'

A 'creative hacker' organisation known as GNU Citizen has published details of cross-site scripting (XSS) flaws that could be used to inject malware into computers via a web browser.

The worm could scan IP addresses for vulnerable pages and then spread quickly across the internet.

These flaws are have been gathered in an online archive, XSSED.com, that could be used by malware writers to identify vulnerable sites.

A permanent malware spamming program could spread viruses across the internet by setting up a continuous link to the vulnerable site.

"XSSED.com has the largest archive of real, fully working, XSS vulnerabilities available today," said a site poster known as 'pdp'.

"They even have a list of XSS vulnerabilities found in websites ranked 500 and below. We are talking about high profile websites here."

The only limiting factor would be the ability of the online database to handle the traffic.

"A super worm of this kind could have potentially devastating consequences in the very near future," said Pete Simpson, Threatlab Active manager at Clearswift.

"The technology exists and the key question is one of motivation. A multitude of easy targets within web 2.0 social networks must certainly be attractive to organised crime."

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Warning on web 'super worm'

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management