An Italian security researcher this week has developed the first Web-based e-mail worm capable of taking advantage of cross site scripting(XSS) vulnerabilities in multiple Web-mail services.
Rosario Valotta described the new form of worm on his blog. The proof of concept, called Nduja Connection, could spread faster than one targeting only a single Web-mail provider, he said.
E-mail worms propagate by extracting contact information from the address book of each infected user, and then sending out an e-mail with the worm payload to each contact -- a user needs only to open an infected e-mail message to spread the worm.
Prior concept e-mail worms have been restricted to affecting only one e-mail client, however, the Nduja Connection worm has the potential to spread faster due to it's ability to infect users of four different Web e-mail clients.
The four Web-mail services affected by the worm are Italian providers Libero.it, Tiscali.it, Lycos.it and Excite.com. "The choice of the providers of this [Proof of Concept] has been bound to the presence of an exploitable [vulnerability] (with the above features) within the Web-mail domain. Also other popular providers (for example Gmail, Yahoo, Hotmail) suffer from XSS [vulnerabilities] in their Web-mails, but their severity is not so high to let worms like Nduja Connection to propagate." Valotta wrote.
Web-mail worms have existed in the wild since 2006, when the Yamanner worm, targeted the Yahoo e-mail system, and spread quickly throughout users of the system. It is difficult to quickly stop or slow the spread of this kind of worm once it has begun to spread due to its use of JavaScript. Turning off JavaScript in the browser renders the Web-mail system unusable.
1
Ruth - 31/03/09
Recommend it to anyone.
Search-and-destroy Antispyware is the best scan that I have used to keep my PC clean and working like new. It’s a great scanner that finds all the same bugs that other scans such as Norton can find. What’s even better is that it cost less than many of the other options. I found the antispyware solution from Search-and-destroy at http://www.Search-and-destroy.com and decided to give it a try. That was one of the best decisions I ever made. I’m very happy with this scanner and would recommend it to anyone that wants to protect and care for their PC so it will last as long as possible.
» Report offensive content
2
kelly foster - 02/10/09
I am Mr. James Kerter, A private Money lender. I am Writing you to introduce a small and large business money lending service to you. I can service your financial need with less payback problem that is why we fund you for just 3%. Whatever your circumstances, self employed, retired, have a poor credit rating, we could help. Flexible repayment over 3 to 25 years
Need business or a personal Contact us today for that loan you need with this email address: fintrustinc@aol.com
Your's Faithfully
Mr. James Kerter
» Report offensive content