A 'creative hacker' organisation known as GNU Citizen has published details of cross-site scripting (XSS) flaws that could be used to inject malware into computers via a web browser.
The worm could scan IP addresses for vulnerable pages and then spread quickly across the internet.
These flaws are have been gathered in an online archive, XSSED.com, that could be used by malware writers to identify vulnerable sites.
A permanent malware spamming program could spread viruses across the internet by setting up a continuous link to the vulnerable site.
"XSSED.com has the largest archive of real, fully working, XSS vulnerabilities available today," said a site poster known as 'pdp'.
"They even have a list of XSS vulnerabilities found in websites ranked 500 and below. We are talking about high profile websites here."
The only limiting factor would be the ability of the online database to handle the traffic.
"A super worm of this kind could have potentially devastating consequences in the very near future," said Pete Simpson, Threatlab Active manager at Clearswift.
"The technology exists and the key question is one of motivation. A multitude of easy targets within web 2.0 social networks must certainly be attractive to organised crime."
Warning on web 'super worm'
By Iain Thomson on Oct 4, 2007 10:03AM