Thursday, February 22, 2007

Getting Hacked via RSS

Via ComputerWorld -

Users of Web feed services such as Really Simple Syndication (RSS) and Atom might want to make doubly sure they are not downloading malicious code along with their favorite Web content.

That's because the growing use of Web feed readers and the proliferation of content-aggregation sites are giving hackers a really simple way to deliver keystroke loggers, Trojan horses and other malware onto their computers, security analysts warn.

The feed-hacking threat is not particularly new. However, the severity of the problem could be rising as feed services begin moving into the mainstream, said Ray Dickenson, vice president of product management at Authentium Inc., a Palm Beach, Fla.-based security vendor. "Malware authors are just taking advantage of the interconnectedness of Web 2.0" to distribute their code more efficiently, he said.

Web feed services such as RSS allow Web content from multiple sources to be aggregated and automatically delivered to a desktop without requiring the user to actually visit any of the content-providing sites. Users simply subscribe to syndicated news and content feeds. Then, feed readers and content aggregators regularly check the feeds for updated content on the users' behalf -- and automatically push it out to the user when something new is found.

The security problem arises from the fact that many RSS and Atom-based feed readers and aggregators simply pull in the content from the source without first checking to see whether it might contain malicious code, said Michael Sutton, security evangelist at SPI Dynamics Inc., an Atlanta-based Web application security vendor.
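The check the article says many readers skip, as an added example (not from the ComputerWorld article or this blog): an allowlist sanitizer a feed reader could apply to every item before rendering it. The function names, the tag allowlist and the sample feed are assumptions constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET  # assumption: stdlib parser; defusedxml is the safer choice for untrusted XML
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object"}  # the element and everything inside it go

def safe_url(url):
    # Only absolute http(s) URLs pass; javascript:, data:, relative and empty values fail.
    return urlsplit((url or "").strip()).scheme.lower() in ("http", "https")

class Sanitizer(HTMLParser):  # rebuilds markup from an allowlist instead of stripping known-bad patterns
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1
        elif not self.skip and tag in ALLOWED_TAGS:
            href = dict(attrs).get("href")
            if tag == "a" and safe_url(href):
                self.out.append('<a href="%s" rel="noopener noreferrer">' % html.escape(href))
            else:
                self.out.append("<%s>" % tag)  # every other attribute (onclick, style, ...) is discarded
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)
    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))  # text is re-escaped, so it can never become markup

def sanitize(fragment):
    parser = Sanitizer()
    parser.feed(fragment or "")
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)

def safe_items(feed_xml):  # [(title, link, description)], each field safe to place in an HTML view
    return [(html.escape(item.findtext("title", "")),
             item.findtext("link", "") if safe_url(item.findtext("link", "")) else "",
             sanitize(item.findtext("description", "")))
            for item in ET.fromstring(feed_xml).iter("item")]

# Constructed sample feed: one item carrying a script element, an event handler and javascript: links.
SAMPLE_FEED = """<rss version="2.0"><channel><title>Constructed</title><item>
<title>Update &lt;b&gt;1&lt;/b&gt;</title><link>javascript:void(0)</link><description><![CDATA[<p onclick="x()">News <b>item</b></p><script>x()</script><a href="javascript:x()">a</a> <a href="https://example.com/story?id=1">b</a>]]></description></item></channel></rss>"""
```

Titles are treated as plain text and escaped whole, while descriptions keep only allowlisted formatting; a reader that renders items in an embedded browser control should additionally disable scripting in that view.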

------------------------------------------

On another RSS hacking note, several years ago I bounced an idea off some of my friends in India. E-mail worms were huge at that time and I figured that sooner or later someone would use a News RSS feed to create dynamic e-mail headers and content to help the worm spread.

Basically, each time it runs on a new host, it would attempt to pull down a fresh news story and use that to send the next batch of virus-laden e-mails. Of course, it would have to have a small number of static stories and headlines just in case it couldn't connect. But with a large number of news feeds from all over the world, it would create a pretty big show to the security world.

But to my surprise, I still haven't seen an e-mail-based virus use this technique to spread.
