03-11-2006, 12:23 PM
Quote:One of the newest web technologies has a sneaky power: it can access pages from your browser without you knowing about it.
"The potential, or threat, with Ajax malware is that server communication is now hidden from the user," says Jesse James Garrett, who coined the term Ajax. "As a result the application can do things on your behalf without your knowledge." On a web page, Ajax can do as much as Javascript - though that's limited locally (it can't delete files apart from cookies on your computer). But it can do almost anything to a web page you have visible...
Imagine someone who trades stocks online via a browser - as many Americans do - being hit by the virus. The Ajax code could step through the complex forms required to transfer money between accounts and make trades. It could selectively buy or sell stocks, without the knowledge of the account owner...
full article: http://technology.guardian.co.uk/weekly/...34,00.html
The largest Ajax malware attack to date was the MySpace worm last October which spread virally on the site and affected millions of users.