Chapter 8 • XSS Worms
XSS Warhol Worm

The Warhol worm is a conceptual piece of malware that can infect every connected machine on the Internet within 15 minutes. While it is an unrealistic theoretical concept, the Samy worm demonstrated that the Warhol worm is not too far off base. Within 24 hours, that piece of code infected over 1,000,000 users and all but shut down MySpace.

The lack of diversity in the browsers and operating systems in use on the Internet is one of the biggest reasons a Warhol worm would be successful. If people used a wide range of systems and programs for their Internet use, it would be very hard to find a vulnerability that would spread, because it would have to exist on every type of system.

Linear XSS Worm

XSS attacks can easily be linked together across multiple sites and domains via JavaScript. The Linear XSS worm illustrates how one vulnerable site can be exploited to attack another site, which in turn will attack yet a third site. This could continue for as long as the attacker wants, assuming he doesn't run out of vulnerable sites.

While the Linear XSS worm illustrates how dangerous JavaScript can be, it can be easily broken if one of the vulnerable sites fixes its code or the server hosting the script is taken offline.

Samy Is My Hero

The Samy worm represents the most powerful and widespread worm on the Internet, with over 1,000,000 infected users. Had this worm contained a malicious payload, it could have caused even worse problems.

Locating vulnerabilities in a Web site does not have to be a manual task. The creator of the Samy worm used a custom-built fuzzer to find the injection point for his code.

The author of the Samy worm built it as a prank and underestimated how fast it would spread. Despite the negative consequences, this creation did have a positive impact in that it raised awareness of how dangerous an XSS vulnerability can be.
www.syngress.com