Feeds

Could blogging spread computer worms?

Definitely maybe

  • alert
  • submit to reddit

5 things you didn’t know about cloud backup

Could RSS feeds become a conduit for the transmission of computer worms? Security experts are at odds over the possibility. Those who play down the threat point to the fact that no virus has ever used the propagation technique while others say it's only when a network reaches critical mass (as in the case of instant message and file sharing networks) that malware threats show their ugly head.

Personal firewall firm Zone Labs describes RSS feeds (together with mobile phones and PDAs) as the "next battleground in security". Gregor Freund, chief exec and co-founder of the Check Point Software subsidiary, said RSS feeds are a potential threat because whenever you have unstructured or unfiltered data you can end up with viruses. He added that Zone Labs had spotted malicious behaviour over RSS feeds but wasn't able to supply any details on what this malfeasance might be.

Trivial exploits would involve pointing readers of RSS feeds towards maliciously constructed websites. Peter Craig, UK product marketing manager at Trend Micro, explained: "RSS feeds point to HTML pages and as such, they can be made to point to HTML-exploits or malicious JavaScript. It certainly can be a possible way of distributing malicious code over the internet to the subscribers of the RSS feed. The impact of this distribution method would be related to the popularity of the feed. As far as I know it has never been used in any live virus so far."

More complex attacks are also at least theoretically possible. Dave Rand, chief technologist for Internet content security at Trend Micro, said that worms might be created that exploited vulnerabilities in RSS readers to spread.

But Craig played down the likelihood of an attack based on this approach, at least in the short term. "RSS feeds can't ever be a solid propagation method until there are enough RSS feeds with lots of subscribers in normal end-user machines or there's a way to access server-based feeds more easily," he said. ®

Related stories

Beware of toxic blogs
Porno blog spam turns nasty
ATMs in peril from computer worms?

5 things you didn’t know about cloud backup

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?