Can RSS Feeds carry a Virus Payload?

Can RSS Feeds carry a Virus Payload?

Technology News

Computer Security News

RELATED NEWS

CAG report on 2G with parliamentary panel

Maingear targets mid-range PC gamers with Alt-15 and Alt-17 laptops

3 Gadgets to Buy this Black Friday

How To Track Profile Views On Facebook?

OP-ED by Vice President Joe Biden in the New York Times: "What we must do for Iraq now"

26/11 perpetrators should be brought to justice: British minister

'Some unscrupulous elements making politics look ugly'

EU-U.S. Summit Joint Statement

NATO-Russia Council Joint Statement

OP-ED by Vice President Jow Biden in the New York Times: "What we must do for Iraq now"

By Angsuman Chakraborty, Gaea News Network
Sunday, June 12, 2005

With the rapid proliferation of RSS Feeds and offline aggregators it is presumable that virus writers will try to exploit this avenue to spread the virus. But the question is whether it is feasible?

In short technically a resounding YES.

RSS feed contents carry HTML data. RSS aggregators are capable of displaying HTML in the content field.
Many use the browser based engines like Internet Explorer’s HTML rendering engine to display RSS feeds. Hence the vulnerability of the rendering engine is also applicable to RSS aggregators.

However practically the impact will be much less because you normally subscribe to feeds of sources you trust.

This however can be compromised when you subscribe to feed aggregation engines like PubSub, which fetches feeds from its large database based on your keywords. The result is provides again as a RSS feed which can be fetched by your aggregator.

Is there are quick fix?
Yes. Set your aggregator to display only the title (safest) or just the excerpt. If you are interested in the content then you use your favorite secure browser to browse it (Firefox I presume).

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

Older News