Recent Advancement for Network Worms
After hinting at the possible future development of widespreading worms that exist only on the Internet, spreading from browser session to browser session when victims visit compromised sites, the researcher who was behind the technological development that led to Jikto (before Billy Hoffman picked up on it) has provided more information about what is soon to be available.
A technological demonstration script has been created and pulished, which utilises a number of freely available resources to automate an attack against the browsing history of a victim. All that a victim needs to do is to visit a site which is hosting the malicious script, with Active Scripting activated (or JavaScript support active for other browsers), and the script does the rest.
If the victim has visited any of the targeted vulnerable sites in that particular browsing session, then it uses that visit as the basis for executing a XSS attack against those sites, resulting in the compromise of site cookies, and the capture of potentially sensitive data (at the least it can allow for impersonation of the victim). This means that if they have used webmail (GMail, Hotmail, Live Mail, Yahoo! Mail, etc), accessed online financial accounts, or any other number of potentially sensitive sites, that the script can capture these details and take control of the victim's presence on those sites.
31 May 2007
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.