SQL/JavaScript Hybrid Worms As Two-stage Quines
Jos\'e I. Orlicki
TL;DR
This paper presents a novel hybrid worm that combines SQL and JavaScript in a two-stage quine structure, demonstrating a new form of self-replicating malware exploiting common software patterns.
Contribution
It introduces a hybrid SQL/JavaScript worm based on two-stage quines, illustrating a new malware technique combining real-world and laboratory methods.
Findings
Demonstrated a working proof of concept of the hybrid worm
Analyzed the potential of hybrid worms in malware evolution
Discussed general features and implications of hybrid malware
Abstract
Delving into present trends and anticipating future malware trends, a hybrid, SQL on the server-side, JavaScript on the client-side, self-replicating worm based on two-stage quines was designed and implemented on an ad-hoc scenario instantiating a very common software pattern. The proof of concept code combines techniques seen in the wild, in the form of SQL injections leading to cross-site scripting JavaScript inclusion, and seen in the laboratory, in the form of SQL quines propa- gated via RFIDs, resulting in a hybrid code injection. General features of hybrid worms are also discussed.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsWeb Application Security Vulnerabilities · Advanced Malware Detection Techniques · Security and Verification in Computing