Kyran published an interesting paper that analyzes a new worm he wrote to attack Gaiaonline.com. He goes through step by step and breaks down each part of the worm and describes not only how it was used but the holes and where he would have built more functionality had he had more time.

I don’t think he’s published stats or even really released the worm to the actual population, but you get the idea. It’s a sobering reminder of the perils of social networking, if security doesn’t come first. Anyway, it’s a good writeup.

This entry was posted on Saturday, February 10th, 2007 at 10:03 pm and is filed under XSS, Webappsec. Responses are currently closed, but you can trackback from your own site.