Tuesday, July 10, 2007
First multi-site XSS WebMail Worm (PoC)
Web Worms are quickly increasing in sophistication. This new proof-of-concept multi-site XSS WebMail Worm, with video, is capable of propagating across multiple WebMail providers using the exponential XSS technique. Sure we knew it was theoretically possible before, but never seen anyone actually do it. Really interesting stuff. For the moment the industry is still largely in the PoC stage, but rest assured it’s only a matter of time being payload are made to be malicious. More and more people are experimenting.