Blog readers vulnerable to embedded malware: Internet users who employ Web-based services such as Bloglines or Web browsers such as Firefox to read Web site feeds and blogs are vulnerable to embedded malicious code that can install spyware, log users' passwords, scan PCs and corporate networks for open ports and more, said Caleb Sima, chief technology officer at SPI Dynamics Inc., an Atlanta-based Web application security company.
So far, only a few proof-of-concept attacks against blog readers from Google and Yahoo have occurred, Sima said, though he believes that more are on the way.
"The only reason we haven't had a lot of problems yet is because no one has really thought of it," he said. According to Sima, software and services used to download feeds transmitted via the RSS or Atom formats can unwittingly download and execute JavaScript code buried within the text.
