
IE 7.0 may usher in wave of RSS exploits

By Mark Baard, Contributor
06 Sep 2005 | SearchSecurity.com


When Microsoft releases the next version of its Web browser, the company may usher in a wave of attempted hijacks of syndicated content from legitimate publishers.

The bogus feeds could deliver much of the same malicious code and links affecting computers via the Web and e-mail phishing scams, according to some antivirus and security experts.

In an RSS attack scenario, users click on links that appear to be from trusted sites (sites to which they have subscribed). At the offending sites, victims turn over their personal information to phishers, rather than to legitimate organizations. Or, in another scenario, users access virus-infected content already downloaded to their hard drives, even after an offending Web site has been removed from the Internet.

Two things have been holding criminal hackers back: RSS is not yet a mainstream medium; and there are far too many reader applications to make targeting any one of them worthwhile.

"Just as trust is a crook's friend, diversity is his enemy," said Don Park, who runs Docuverse, a development consultancy based in Redwood City, Calif. Park also edits the blog Don Park's Daily Habit, which features discussion of security issues.

But that may change when Microsoft releases Internet Explorer 7.0, which reportedly supports RSS feeds. (Microsoft is branding the RSS feeds feature in Explorer 7 as "Web feeds.") Once Microsoft bundles RSS feeds with IE 7 and with its forthcoming Windows Vista and Longhorn operating systems, RSS will effectively become ubiquitous.

But the new feature also benefits malware writers.

"Internet Explorer will give (criminal hackers) a mainstream target," said Joe Hartmann, director of antivirus research at Trend Micro, Inc., a Tokyo-based security software and services company. "There is a great potential for its misuse."

Hackers have already written code that tries to modify Web browser bookmarks. And they will undoubtedly attempt to do the same with RSS readers, Hartmann and Park suggested.

Phishers could slip malicious links in with those that are a part of legitimate subscriptions.

A subscriber to one of the Financial Times' RSS feeds, for example, could click on a link to a phony Web site, believing it was associated with the respected U.K.-based newspaper.

Another problem is the automated nature of data syndication. Even if a phishing site is disabled by law enforcement officials, its content may have already been downloaded by thousands of RSS readers, Hartmann said.

RSS subscribers are quick to add subscriptions and slow to remove them, Park said.

"Once one subscribes to a feed, he rarely unsubscribes," he said. "So when a user double-clicks on a post with enclosure, some aggregators will just find an app that can handle that MIME-type and launch it."
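
A defender-side check for the two scenarios described above (off-site links mixed into a trusted subscription, and enclosures handed to whatever application handles their MIME type), as an added example that is not from the article or from any aggregator's code. The sample feed, the allowlist and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample feed (not from the article): one normal item, one item
# linking off-site, one item carrying an executable enclosure.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel>
  <title>Example Publisher</title>
  <link>https://news.example.com/</link>
  <item><title>Markets update</title>
    <link>https://news.example.com/markets/1</link></item>
  <item><title>Verify your account</title>
    <link>http://news.example.com.login.example.net/verify</link></item>
  <item><title>Weekly podcast</title>
    <link>https://news.example.com/podcast/7</link>
    <enclosure url="https://cdn.example.org/ep7.exe"
               type="application/x-msdownload" length="123"/></item>
</channel></rss>"""

# Assumption: the only media types this aggregator hands to a helper app.
SAFE_ENCLOSURE_TYPES = {"audio/mpeg", "audio/mp4", "video/mp4",
                        "image/jpeg", "image/png"}

def host_of(url):
    return (urlsplit(url.strip()).hostname or "").lower()

def same_site(host, publisher_host):
    # Exact match or a true subdomain; a look-alike prefix does not count.
    return host == publisher_host or host.endswith("." + publisher_host)

def audit_feed(xml_text):
    """Return (item title, reason) pairs for items a reader should not trust."""
    # Stdlib parser keeps this self-contained; use a hardened XML parser
    # for feeds fetched from the network.
    channel = ET.fromstring(xml_text).find("channel")
    publisher = host_of(channel.findtext("link", default=""))
    findings = []
    for item in channel.findall("item"):
        title = item.findtext("title", default="(untitled)")
        link = item.findtext("link", default="")
        if urlsplit(link.strip()).scheme.lower() not in ("http", "https"):
            findings.append((title, "non-http link scheme"))
        elif not same_site(host_of(link), publisher):
            findings.append((title, "link host differs from publisher"))
        for enc in item.findall("enclosure"):
            mime = enc.get("type", "").split(";")[0].strip().lower()
            if mime not in SAFE_ENCLOSURE_TYPES:
                findings.append((title, "enclosure type not allowlisted: " + mime))
    return findings
```

Flagged items can be shown with a warning or have their enclosures withheld from helper applications instead of being launched on double-click.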

However, the news about RSS is not all bad, especially for corporate users.

"The feeds are a part of HTTP traffic that has to go through port 80, and there are tools to secure traffic at that point," said Hartmann, who added that exploits may not appear for a year or two.

Microsoft is also taking action to make its software less hospitable to criminals.

Park said that was the point of his recent blog post about the potential for RSS exploits: "Microsoft will help us identify security issues, not that MS is going to open another can of worms," he said. (The post from Park's blog was picked up by online communities, in which some of the discussions turned against Microsoft.)

Microsoft's anti-phishing feature for Internet Explorer 7 suggests it is trying to stem phishing scams and virus attacks.

"At least they are taking security into account in the design process," said Ero Carrera, an antiviral researcher at Helsinki-based security provider F-Secure Corp. "That's something they were not doing four to five years ago, or longer (with earlier versions of Windows)."

Now, Windows security is not always perfect, said Carrera, "but it is much more tight."
