New worm crawling trough blogs?!

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: New worm crawling trough blogs?!
From: blog.worm@xxxxxxxxx
Date: 27 Jan 2006 11:49:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

I spotted it on Christopher Boyd's Vital Security blog. Chris is a Microsoft 
security MVP and security research manager at FaceTime, an instant messaging 
security company. However, this worm appears to have spread much further and 
has slithered around the world.

The worm is actually an animated GIF image. Bloggers all over have embedded it 
in their blogs and link to the creator's Web site.To infect your blog, you have 
to copy and paste a piece of HTML code into your blog.

http://www.moox.nl/blogworm/

This is funny, but on the flipside, however, there could be some security 
implications if the hoster of this "worm" decided to upload a malicious image 
that took control of the PC's that visit sites that show it. (Or if the 
hoster's site was hacked.)

"There are no malicious plans with the blog worm," said Robin Schuil, its 
creator, in an e-mail. "However, it is a self mutating worm. From day to day it 
will say different things."

Still, as a precaution, we're hosting Thursday's version of the worm on our own 
servers. If you want to see it mutate, you will have to go to Robin's page. 

Source: http://news.com.com/2061-10789_3-6031795.html

Follow-Ups:
- Re: New worm crawling trough blogs?!
  - From: Nick FitzGerald

Prev by Date: Re: Winamp 5.12 - 0day exploit - code execution through playlist
Next by Date: Re: CME-24 (BlackWorm) Users' FAQ
Previous by thread: [ MDKSA-2006:026 ] - Updated bzip2 packages fix bzgrep vulnerabilities
Next by thread: Re: New worm crawling trough blogs?!
Index(es):
- Date
- Thread