February 12, 2007 - 09:10 UTC - Tags: AJAX security worm
Kyran has written a really interesting paper on AJAX-driven worms. The post can be found here:
http://sudolabs.com/forum/viewtopic.php?p=19

If you don't understand the contents of Kyran's post, let me give a brief explanation. The worm will infect a forum on a site and attack any user visiting the site. The user will have their profile changed and will automatically send infected messages to other users. Also, a fake login form will try to steal their credentials. This is why you need to avoid cross-site scripting vulnerabilities on your web sites.