Worms Get Smarter

The recent wave of Web worms on MySpace and other social networking sites represent a new generation of more sophisticated worms ones that employ the pervasive cross site scripting (XSS) flaws found on many Websites.

Early worms were more for wreaking havoc and proof-of-concept purposes (think Code Red and Melissa), but the new worms discovered earlier this month on MySpace are more about stealing data. Example: the XSS exploit that spreads as a worm and tries to force spyware onto a user's machine for nefarious purposes. That attack is a QuickTime movie that is "backdoored" with an XSS exploit, which changes a user's profile to include links to a porn site that hosts spyware. Once a user goes to that site, he or she is infected with the spyware. Dark Reading - Desktop Security - Worms Get Smarter - Security News Analysis

Linked by shanmuga Tuesday, 12th December 2006 11:59PM