Rosario Valotta wrote the first “Cross Webmail Worm” (XWW), as he calls it. This worm made me think back to the Yamanner worm in 2006, which spread over the Yahoo! Mail service through an XSS vulnerability in the service. Now Rosario Valotta has done something very similar, but he wrote a PoC worm called “Nduja” which can spread across different webmail services that have XSS vulnerabilities; in his PoC these are libero.it, tiscali.it, lycos.it and excite.com. I don’t want to write too much about this because Rosario has already done a good writeup on it and also published a video. Even if it’s nothing really special, because it’s still normal old XSS stuff, it’s once more a new demonstration of the power of this attack. It also shows us that the connection between all these services (OK, e-mail is not a direct “connection”, but anyway) can be a serious problem, and that there’s still much we can do with all these new technologies we’ve got.