Holtz Communications + Technology

Shel Holtz
Communicating at the Intersection of Business and Technology
Security specialist predicts RSS spyware

The lack of spam and spyware associated with RSS is one of its big selling points, but according to a software security expert, at least one of the advantages could be short-lived. Robert Steinnon, director of threat research at anti-spyware company Webroot, said spyware could soon be delivered through RSS feeds.

Steinnon’s remarks at last week’s IT Security Summit were reported in a TechWeb article. (Thanks to SAP’s Michael Redford for the pointer.) Speaking about his concern that RSS will be exploited to distribute adware and spyware, Steinnon said,

Already we’re seeing marketers look to RSS. A recent list by marketing types on why RSS is better than e-mail, for example, had ‘no more annoying complaints about spam’ at number 8. Where marketers go, adware and spyware writers follow.

The threat to RSS was one of six predictions Steinnon made in his remarks. Another: Spyware targeting the Firefox Web browser will make its appearance. Not scared yet? How about attacks via blogging software applications?

If a spyware writer finds a way to inject code into a blogging site—which could take the form of a SOAP object—most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service’s blog RSS feeds is gonna get infected.

Coupled with the automatic distribution of infected blog posts via RSS, such attacks could be huge and fast.

I can’t say I’m surprised by Steinnon’s predictions, but they are nevertheless disheartening. Let’s hope Webroot and its competitors can find a way to stop these attacks before they begin. I’d hate to see another set of great tools done in by the greediest and least ethical among us.

Comments
  • 1. Hey Shel.. I'm sorry, but the quotes from the article demonstrate that the speaker is fundamentally ignorant of the technologies he's talking about. First off, there is no such thing as a "SOAP object". Second, most *good* desktop RSS readers take great pains to make sure that potentially malicious scripts and objects are not allowed to execute within the reader environment. I'm not so sure about online aggregators like BlogLines. But the thought that "everyone who subscribes...is gonna get infected" is simple FUD that is playing off ignorance.

    James Snell | June 2005

  • 2. No need to be sorry, James; that's why I post this stuff, so people in the know can endorse or refute it. I'm not a software expert, I'm a PR guy, so your input is great and exactly what this blog (and most, in fact) is all about.

    Now how do we get this info to Redford and Webroot? And TechWeb, for that matter? Maybe they'll read this...

    Shel Holtz | June 2005 | Philadelphia Airport, Terminal B, Gate 6
