A researcher has claimed that increased support for RSS (really simple syndication) in browsers could lead to a marked increase in botnet worm attacks.

In The Future of Bot Worms, David Sancho, a senior anti-virus research engineer at Trend Micro, pinpoints the built-in support for RSS that will be offered by Microsoft’s Internet Explorer 7.0, due out next year, as a potentially dangerous moment.

RSS lets browsers update from websites automatically as new content is added. In the simplest scenario, Sancho foresees these legitimate links being redirected to sites containing malware.

From there, worms and other malware could be downloaded automatically, without user intervention or awareness.

Current anti-virus and firewall technology would not be able to stop such attacks because the hijacked RSS feeds would appear legitimate.

Indeed, distinguishing that an RSS feed had been changed and was pointing at a malware site is an inherently tricky task. Because RSS support is patchy and non-standard right now, malware writers would be likely to target one program, the most likely candidate being IE 7.

RSS has been supported with some limitations in Mozilla Firefox since November 2004. Integrating support into the Internet’s most popular browser, Internet Explorer, is likely to dramatically increase its use, however.

Sancho recommends that companies make plans to scan and secure http traffic, if they are not already doing so.

The white paper is available to download from the Trend Micro website.