News aggregators have lately become popular because they make you more efficient: when a website (usually a weblog) is updated, new articles and/or comments are delivered to your news aggregator much like e-mail. You save time, so you usually end up doubling the number of sites you used to read.

My point is, when will we see RSS feeds spreading viruses? It's not as difficult as you may think, and I'm going to elaborate on this.

Imagine your news aggregator uses the Internet Explorer engine (full of bugs and vulnerabilities), or its own engine (and that engine has bugs). We already have the first step on the path to infection: a news aggregator that can be exploited. (If you use an online news aggregator like BlogLines, think of a vulnerability in your browser instead.)

But for a news aggregator to be exploited, we first need to receive an RSS feed trying to fuck us. Is this impossible? No. I can think of several ways to do it:

  • Domain hijacking. A malicious hacker steals your domain and, in a maximum of 30 minutes (the time DNS updates need to spread), he can start sending viruses, trojans or god-knows-what bogus articles to your subscribers.
  • DNS poisoning. Analogous to the previous one.
  • A vulnerability in your web server, weblog software or database, a lost password, or any other way an attacker could use to publish a bogus article in your RSS feed as if he were you.
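
All three routes end with attacker-controlled markup reaching the aggregator's rendering engine, so an aggregator has to treat feed content as untrusted input. The following is an added example, not code from the original post: an allowlist sanitizer in Python that an aggregator could run on each item before rendering it. The names `FeedSanitizer`, `sanitize`, `safe_items` and `SAMPLE_FEED`, and the choice of allowed tags, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from html import escape
from html.parser import HTMLParser

# Allowlist: passive formatting tags and the attributes each may keep.
ALLOWED = {"p": (), "br": (), "b": (), "i": (), "em": (), "li": (), "a": ("href",)}
DROP_WITH_BODY = {"script", "style", "iframe", "object"}  # discard contents too
SAFE_SCHEMES = ("http://", "https://")
# Constructed sample: one item carrying the kinds of active content to remove.
SAMPLE_FEED = (
    '<rss version="2.0"><channel><item><title>&lt;script&gt;x()&lt;/script&gt;</title>'
    '<description><![CDATA[<p onmouseover="x()">Go <a href="javascript:x()">here</a>'
    '<script>x()</script><img src="http://example.org/t.gif"></p>]]></description>'
    '</item></channel></rss>')

class FeedSanitizer(HTMLParser):
    """Re-emit allowlisted markup only; comments and unknown tags vanish."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_BODY:
            self.skip += 1
        elif not self.skip and tag in ALLOWED:
            kept = ""
            for name, value in attrs:
                url = (value or "").strip()
                if name in ALLOWED[tag] and url.lower().startswith(SAFE_SCHEMES):
                    kept += f' {name}="{escape(url)}"'
            self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_BODY:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data))  # text is re-escaped, never trusted

def sanitize(fragment):
    parser = FeedSanitizer()
    parser.feed(fragment)
    parser.close()  # flush text still buffered by the parser
    return "".join(parser.out)

def safe_items(feed_xml):
    # ElementTree keeps this short; untrusted XML deserves a hardened parser.
    root = ET.fromstring(feed_xml)
    return [(escape(i.findtext("title", "")), sanitize(i.findtext("description", "")))
            for i in root.iter("item")]
```

Sanitizing narrows what reaches the engine but does not fix bugs in the engine itself, so rendering feed content with scripting and plugins disabled remains worthwhile.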

Summary: as news aggregators are the applications that most resemble e-mail clients, I predict that in the near future we will see attacks resembling the ones we suffer in e-mail.

NB: Wherever I say "RSS", you can also think of Atom or RDF.