    Jan 7
    11:19 pm (UTC-7)   |    by

    Over on Sla.ckers.org, a security researcher who uses the handle Rsnake (a.k.a. Robert Hansen) proposed a competition (due to end on Jan 10th) to create the smallest self-propagating XSS worm possible. Cross-site scripting (XSS) is a type of vulnerability associated with Web applications that allows an attacker to inject code into the Web pages viewed by other users.

    There have been previous examples of XSS worms in the wild. The most famous is most likely the “Samy is my Hero” worm that affected MySpace, but we recently posted about another threat that targeted Google’s social network, Orkut.

    Rsnake’s idea is that promoting the writing of such a worm will help researchers better protect against them. This idea opens up the same debate that started in 2003, when Professor John Aycock of the University of Calgary in Canada announced that a module in “Computer Viruses and Malware” would be taught in his course. This issue divided security experts back in 2003, and it’s likely Rsnake’s challenge will do the same. On one side of the fence we have people like Ken Barker, Head of Calgary Computer Science Dept., who argue that “the better we understand something, even if we radically disagree with it, the more likely we are to provide effective mechanisms to counteract it.” The other argument, of course, is that we do not need to actually create malicious code in order to understand how it works.

    This debate will not wrap up anytime soon, with both sides making interesting points. There is no doubt, however, that XSS attacks are a major security concern for Web users today, and will continue to increase. So far we have been lucky that the majority of XSS worms have been non-malicious in their motives (with the exception of JS_YAMANER.A). Unfortunately, I doubt that this trend will continue in the future.





    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice