A TechWeb news article discusses the possiblity of adware and spyware distributed via RSS. The article cites Richard Stiennon, the director of threat research at anti-spyware software vendor WebrootGartner, who is very concerned about the potential threat.
In Stiennon's opinion, his most distressing prediction is that spyware will latch onto RSS (Real Simple Syndication) as a way to distribute ad- and spy-style software.
"I'm extremely concerned about this," said Stiennon. "Already we're seeing marketers look to RSS. A recent list by marketing types on why RSS is better than e-mail, for example, had 'no more annoying complaints about spam' at number 8. Where marketers go, adware and spyware writers follow."
Stiennon is also concerned that if spyware could be distributed using RSS feeds it would spread very quickly.
Another nasty possibility, said Stiennon, is that a vulnerability will be found in one of the big blogging services. "If a spyware writer finds a way to inject code into a blogging site -- which could take the form of a SOAP object -- most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service's blog RSS feeds is gonna get infected." Such an attack could be massive, and because of the automated nature of RSS, extremely fast-acting.
