Beneficial Worm or Digital Menace?
Via the team at GNUCitizen comes news of a newly discovered AJAX-based worm that targets Wordpress blogs. An independent researcher, beNi, discovered several vulnerabilities that affect the current version of the Wordpress blogging platform, ranging from Cross Site Scripting (XSS), including persistent XSS, through to SQL injection and database errors. Combined, these flaws would allow a malicious attacker to take over vulnerable blogs. Having been publicly disclosed with no patch currently available, they are '0-day' vulnerabilities.
It seems that beNi has not only found the vulnerabilities but has also written an AJAX-based worm to patch the issues. Although the initial response from some has been shock that the worm goes ahead and installs the patches silently, it has been pointed out that nothing is done without the administrator's permission: the worm automates the process of patching and updating once the admin allows it to.
While it isn't the first beneficial (or attempted beneficial) worm in existence, it is one of the more interesting ones, appearing before any attack code that targets the vulnerabilities being patched. Because the worm requires semi-manual activation, there is little chance that it will spread rapidly, and it is most likely to remain a useful tool for administrators seeking to update and protect their installations. The only risk is that, with the code freely available, it could be modified for malicious purposes to target unpatched blogs.
2 August 2007