Delving into present trends and anticipating future malware trends, a hybrid, SQL on the server-side, JavaScript on the client-side, self-replicating worm based on two-stage quines was designed and implemented on an ad-hoc scenario instantiating a very common software pattern. The proof of concept code combines techniques seen in the wild, in the form of SQL injections leading to cross-site scripting JavaScript inclusion, and seen in the laboratory, in the form of SQL quines propa- gated via RFIDs, resulting in a hybrid code injection. General features of hybrid worms are also discussed.
Cite
@article{arxiv.0909.4516,
title = {SQL/JavaScript Hybrid Worms As Two-stage Quines},
author = {José I. Orlicki},
journal= {arXiv preprint arXiv:0909.4516},
year = {2009}
}
Comments
15 pages, 11 figures, Workshop de Seguridad Informatica, 38 JAIIO, Mar Del Plata, Argentina