Nduja Cross Domain/Webmail XSS Worm
Rosario Valotta sent me an email today describing a webmail XSS worm he has written - the first I am aware of that is cross domain. There have been a few webmail worms, like Yamanner, but nothing quite like this. Rosario picked four Italian webmail services, Libero.it, Tiscali.it, Lycos.it, and Excite.com, and built a worm that works across all four domains.
His writeup discusses how he did it. He also included a video as a demonstration of the worm. It walks through how the worm works using a lot of popups showing each step. Of course, a really virulent worm wouldn’t have as many visual cues, but this is a really great visual demonstration. It’s also timely given Billy Hoffman’s talk on web worms next month.
July 10th, 2007 at 12:39 am
For those who don’t know, “Nduja” is a typical food in Calabria, Italy. About 66% pork and 33% red chili pepper, it’s a kind of a sausage to be spread as a cream - extremely hot stuff!
Nduja eaters don’t fear anything.
Kudos Rosario, I love Nduja
http://upload.wikimedia.org/wikipedia/it/e/e3/Nduia.jpg
July 10th, 2007 at 2:21 pm
What’s the other 1%?
Do I even want to know?
July 10th, 2007 at 9:15 pm
Lols, nice article. I’ve seen the source. It’s really simple code, but has a great idea behind it. Thanks
July 12th, 2007 at 6:28 pm
Interesting article.
Guys, it is a nice example of a webmail XSS worm and it is the first multi-domain XSS worm on the Web. And also with a nice video demonstration :-).
Well done, Rosario.