Uninformed: Informative Information for the Uninformed

Vol 1» 2005.May


Worm Propagation

There are uses for the PassiveX payload on the malicious side of the house as well. Because the payload supports automation through scripting and allows tunnels to be constructed over arbitrary protocols, it seems obvious that such a tool could be useful in the realm of worm propagation. Take, for instance, a worm that spreads through server-side daemon vulnerabilities and also by embedding client-side browser vulnerabilities into the web sites of web servers that become compromised. The payload for the client-side browser vulnerabilities would be the PassiveX payload, which would then download and inject an ActiveX control from a decentralized location; that control would be responsible for the continued propagation of the worm through the same vectors. The payload's transmission over trusted protocols would make it that much harder to stop, assuming some level of effort were put forth to make the communication indistinguishable from normal browser traffic.