"Web worms can use Google's infrastructure to propagate. If a malicious mind finds a vulnerability in WordPress, for example, and this vulnerability allows SQL Injection, a worm may be written to crawl blogs in search of this vulnerability and embed itself into everything that is vulnerable. Once a user visits an infected blog the worm starts another cycle.
Another worm might be able to crawl random sites and run generic Cross-site Scripting and SQL Injection checks and send the results to their master who will use them to release more advanced worms.
Malicious minds can use Google technology and recently discovered vulnerabilities to create a BotNet that can be used for computational tasks, attacks, information gathering and pretty much everything else that the masters can come up with."
Unlike standard worms, JavaScript worms are not easy to detect and can spread rapidly. The author also thinks that in the future the web will be the new arena for malware, and we may need a web anti-virus that monitors visited web pages.
Related:
Cross-site scripting (Wikipedia)
Cross-site request forgery (Wikipedia)
Samy is my hero (MySpace worm)
More about Google Ajax Search API
I'm proud to be Bulgarian :) pdp architect, the man behind gnucitizen, is Bulgarian too.

I did my favourite search with Google Ajax here