Can RSS Feeds carry a Virus Payload?

By Angsuman Chakraborty, Gaea News Network
Sunday, June 12, 2005

With the rapid proliferation of RSS Feeds and offline aggregators it is presumable that virus writers will try to exploit this avenue to spread the virus. But the question is whether it is feasible?

In short technically a resounding YES.

RSS feed contents carry HTML data. RSS aggregators are capable of displaying HTML in the content field.
Many use the browser based engines like Internet Explorer’s HTML rendering engine to display RSS feeds. Hence the vulnerability of the rendering engine is also applicable to RSS aggregators.

However practically the impact will be much less because you normally subscribe to feeds of sources you trust.

This however can be compromised when you subscribe to feed aggregation engines like PubSub, which fetches feeds from its large database based on your keywords. The result is provides again as a RSS feed which can be fetched by your aggregator.

Is there are quick fix?
Yes. Set your aggregator to display only the title (safest) or just the excerpt. If you are interested in the content then you use your favorite secure browser to browse it (Firefox I presume).

will not be displayed