Next IE Opens Door for RSS Attacks

By | September 6, 2005

Microsoft’s next version of Internet Explorer could lead to a new type of content hijacking attack using syndication feeds. Given the popularity of Internet Explorer, RSS feeds will effectively become ubiquitous, giving hackers a motivation to deliver the same malicious code via bogus feeds, anti-virus experts warned.

In an RSS attack, the content delivered from trusted RSS sites is hijacked and leads the user to offending sites, which collect their personal information for phishers or download viruses to their computer.

“Internet Explorer will give (criminal hackers) a mainstream target,” said Joe Hartmann, director of antivirus research at Trend Micro, Inc., a Tokyo-based security software and services company. “There is a great potential for its misuse.”

Until now, hackers have not tried to infect syndicated content, mainly because of the vast range of RSS readers available online and the format's lack of recognition as a mainstream medium. But with the integration of RSS feeds in IE 7.0, syndicated content will become a valuable target for hackers and another security threat for corporate users.

“Once one subscribes to a feed, he rarely unsubscribes,” Hartmann said. “So when a user double-clicks on a post with enclosure, some aggregators will just find an app that can handle that MIME-type and launch it.”
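
The enclosure behaviour Hartmann describes can be countered on the reader side by vetting each enclosure before it is offered to the user and never handing it to a MIME-type handler automatically. The following is an added example, not code from the article or from any aggregator; the allowlist, the function names and the sample feed are constructed assumptions.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumed policy: passive media types only, each with the extensions it may carry.
ALLOWED = {
    "audio/mpeg": {".mp3"},
    "video/mp4": {".mp4", ".m4v"},
    "image/jpeg": {".jpg", ".jpeg"},
}

# Constructed sample feed (not taken from any real site).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item><title>Episode 12</title>
<enclosure url="http://feeds.example.com/ep12.mp3" length="1200" type="audio/mpeg"/></item>
<item><title>Free screensaver</title>
<enclosure url="http://feeds.example.com/saver.exe" length="900" type="application/octet-stream"/></item>
<item><title>Episode 13</title>
<enclosure url="http://feeds.example.com/ep13.mp3.scr" length="800" type="audio/mpeg"/></item>
<item><title>Local file</title>
<enclosure url="file:///C:/temp/clip.mp3" length="10" type="audio/mpeg"/></item>
</channel></rss>"""

def vet_enclosure(url, mime):
    """Return (allowed, reason) for one enclosure; nothing is ever launched."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False, "scheme not http(s)"
    mime = (mime or "").split(";")[0].strip().lower()
    if mime not in ALLOWED:
        return False, "MIME type not on allowlist"
    # The feed author controls the declared type, so the extension must agree with it.
    ext = posixpath.splitext(parsed.path)[1].lower()
    if ext not in ALLOWED[mime]:
        return False, "extension does not match declared type"
    return True, "ok"

def vet_feed(feed_xml):
    """Vet every <enclosure> in an RSS 2.0 document; returns (title, allowed, reason)."""
    results = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="(untitled)")
        for enc in item.findall("enclosure"):
            results.append((title, *vet_enclosure(enc.get("url", ""), enc.get("type"))))
    return results

if __name__ == "__main__":
    for title, ok, reason in vet_feed(SAMPLE_FEED):
        print(f"{'ALLOW' if ok else 'BLOCK'}  {title}: {reason}")
```

The declared `type` attribute is only a claim made by the feed, so an allowed enclosure should still be saved and opened by an explicit user action rather than launched on double-click.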

The good thing is that Microsoft is taking security into account in the design, but will it really help?
