Web based worms are quickly becoming more and more sophisticated, a new proof concept worm has been released that leverages Cross-Site Scripting attacks to create a worm capable of attacking multiple web based email providers. 

The PoC worm in question targets four webmail providers and is capable of propagating across multiple WebMail providers using the exponential XSS technique. This technique is something that has been about for a few months now and has been largely theoretical, however this new worm is pretty much the first proof of the technique.

So for the moment we’re in the proof of concept stage, but it is only a matter of time before this proof is refined and made malicious.

The full details of the proof of concept worm can be found here at the authors site, along with a video of the worm in operation. More information on the exponential XSS can be found here.

Add this page to your favorite Social Bookmarking websites