Social Networks' XSS Worms

Cross-site scripting (XSS) worms are malicious programs that propagate through the visitors of a website, attempting to infect other visitors progressively. Cross-site scripting vulnerabilities are exploited in many forms; one common form is worms on popular social websites such as MySpace and Facebook. In this paper, we first suggest a general model based on our discussions. We then simulate the propagation of a sample worm in a virtual social network to see whether the model conforms to the simulated propagation. We also examine the effects of some parameters, such as the probability of visiting friends, that could affect worm propagation. The simulation results lead to a better understanding and prediction of the scale and speed of propagation of cross-site scripting worms on Web 2.0 social networks.
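The following sketch is an added illustration, not the paper's model or code: it simulates the kind of experiment the abstract describes, so a defender can see how the probability of visiting friends changes the time available for containment. The preferential-attachment topology, the susceptible-infected dynamics with no cleanup, and the names `build_network`, `simulate`, `time_to_fraction` and `p_visit` are all assumptions made for this example.

```python
import random

def build_network(n, m, rng):
    """Assumed topology: each new user befriends m existing users, chosen by degree."""
    friends = {i: set() for i in range(n)}
    pool = []  # a user appears once per friendship, giving degree-weighted choice
    for a in range(m + 1):  # small seed clique keeps the graph connected
        for b in range(a + 1, m + 1):
            friends[a].add(b)
            friends[b].add(a)
            pool += [a, b]
    for new in range(m + 1, n):
        targets = set()
        while len(targets) < m:
            targets.add(rng.choice(pool))
        for t in targets:
            friends[new].add(t)
            friends[t].add(new)
            pool += [new, t]
    return friends

def simulate(friends, p_visit, steps, rng, patient_zero=0):
    """Return the infected count per time step (index 0 is the initial state)."""
    infected = {patient_zero}
    curve = [1]
    for _ in range(steps):
        newly = set()
        for user, flist in friends.items():
            if user in infected:
                continue
            # The user views each friend's profile independently with p_visit;
            # viewing an infected profile infects the viewer's own profile.
            if any(f in infected and rng.random() < p_visit for f in flist):
                newly.add(user)
        infected |= newly
        curve.append(len(infected))
    return curve

def time_to_fraction(curve, n, frac):
    """First step at which at least frac of the n users are infected, else None."""
    return next((t for t, c in enumerate(curve) if c >= frac * n), None)

if __name__ == "__main__":
    n = 2000  # constructed network size, not a figure from the paper
    for p in (0.01, 0.05, 0.2):
        rng = random.Random(42)
        curve = simulate(build_network(n, 3, rng), p, 200, rng)
        print(f"p_visit={p}: steps to 50% infected = {time_to_fraction(curve, n, 0.5)}")
```

The step at which half the network is infected is a rough measure of the response window: a site operator would need to detect and remove the stored payload well before that point.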
