Original URL: http://www.theregister.co.uk/2005/07/13/rss_security_threat/

Could blogging spread computer worms?

Definitely maybe

By John Leyden

Posted in Security, 13th July 2005 15:12 GMT

Could RSS feeds become a conduit for the transmission of computer worms? Security experts are at odds over the possibility. Those who play down the threat point to the fact that no virus has ever used the propagation technique while others say it's only when a network reaches critical mass (as in the case of instant message and file sharing networks) that malware threats show their ugly head.

Personal firewall firm Zone Labs describes RSS feeds (together with mobile phones and PDAs) as the "next battleground in security". Gregor Freund, chief exec and co-founder of the Check Point Software subsidiary, said RSS feeds are a potential threat because whenever you have unstructured or unfiltered data you can end up with viruses. He added that Zone Labs had spotted malicious behaviour over RSS feeds but wasn't able to supply any details on what this malfeasance might be.

Trivial exploits would involve pointing readers of RSS feeds towards maliciously constructed websites. Peter Craig, UK product marketing manager at Trend Micro, explained: "RSS feeds point to HTML pages and as such, they can be made to point to HTML-exploits or malicious JavaScript. It certainly can be a possible way of distributing malicious code over the internet to the subscribers of the RSS feed. The impact of this distribution method would be related to the popularity of the feed. As far as I know it has never been used in any live virus so far."

More complex attacks are also at least theoretically possible. Dave Rand, chief technologist for Internet content security at Trend Micro, said that worms might be created that exploited vulnerabilities in RSS readers to spread.

But Craig played down the likelihood of an attack based on this approach, at least in the short term. "RSS feeds can't ever be a solid propagation method until there are enough RSS feeds with lots of subscribers in normal end-user machines or there's a way to access server-based feeds more easily," he said. ®

Related stories

Beware of toxic blogs
Porno blog spam turns nasty
ATMs in peril from computer worms?