An Italian security researcher this week developed the first Web-based e-mail worm capable of exploiting cross-site scripting (XSS) vulnerabilities in multiple Web-mail services.
Rosario Valotta described the new form of worm on his blog. The proof of concept, called Nduja Connection, could spread faster than one targeting only a single Web-mail provider, he said.
E-mail worms propagate by extracting contact information from the address book of each infected user and then sending an e-mail carrying the worm payload to every contact. In a Web-mail XSS worm the payload is script embedded in the message body: when the Web-mail page renders the message, the script runs inside the victim's authenticated session, where it can read the address book and send mail as the victim. A user needs only to open an infected message to spread the worm.
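As an added illustration, not code from Valotta's proof of concept or from any of the providers named in this article, the following shows the rendering step that makes such a worm possible (a Web-mail page inserting a message body into the page as HTML) beside the hardened version that encodes the body as text. The function names, the sample message body and the `propagate()` handler it references are constructed for the example.

```javascript
// Added example, not code from Valotta's proof of concept or from any
// Web-mail provider named in the article. Function names, the sample message
// and the propagate() handler it references are constructed for illustration.

// Vulnerable renderer: the message body is treated as trusted HTML and
// dropped into the page (as assigning it to innerHTML would do). A <script>
// tag, an on* event-handler attribute or a javascript: URL inside the message
// then runs in the reader's authenticated Web-mail session, which is what lets
// an XSS worm read the address book and send mail as the victim.
function renderUnsafe(body) {
  return `<div class="msg">${body}</div>`;
}

// Hardened renderer: encode the HTML metacharacters so the browser displays
// the payload as text instead of parsing it as markup. This is plain output
// encoding; a provider that must allow rich HTML mail needs an allow-list
// sanitizer instead, which is out of scope here.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}
function renderSafe(body) {
  return `<div class="msg">${escapeHtml(body)}</div>`;
}

// Test oracle: does the rendered markup still contain an element the browser
// would execute? It looks for a literal tag, so the escaped &lt; form does not
// count. A regex is adequate for checking test output; it is not a sanitizer.
const ACTIVE_MARKUP =
  /<(?:script|iframe|object|embed)\b|<[a-z][^>]*\s(?:on\w+\s*=|href\s*=\s*["']?\s*javascript:)/i;
function hasActiveContent(html) {
  return ACTIVE_MARKUP.test(html);
}

// Constructed sample: a message body carrying the kind of event-handler
// payload a self-propagating Web-mail worm relies on.
const SAMPLE_BODY =
  'Ciao! <img src="x" onerror="propagate()"> See the attached photo.';

console.log('unsafe:', renderUnsafe(SAMPLE_BODY));
console.log('safe:  ', renderSafe(SAMPLE_BODY));
console.log('unsafe executes?', hasActiveContent(renderUnsafe(SAMPLE_BODY)));
console.log('safe executes?  ', hasActiveContent(renderSafe(SAMPLE_BODY)));
```

The escaped output still shows the reader the literal text `onerror="propagate()"`, which is harmless; what matters is that no `<` survives unencoded, so the browser never creates the element that would fire the handler.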
Prior proof-of-concept e-mail worms have been restricted to a single e-mail service; Nduja Connection has the potential to spread faster because it can infect users of four different Web-mail services.
The four Web-mail services affected by the worm are Italian providers Libero.it, Tiscali.it, Lycos.it and Excite.com. "The choice of the providers of this [Proof of Concept] has been bound to the presence of an exploitable [vulnerability] (with the above features) within the Web-mail domain. Also other popular providers (for example Gmail, Yahoo, Hotmail) suffer from XSS [vulnerabilities] in their Web-mails, but their severity is not so high as to let worms like Nduja Connection propagate," Valotta wrote.