Hybrid worms can crawl betwixt servers, clients
Published: 2007-08-02

LAS VEGAS -- Putting together a mishmash of malicious Web technologies, security researchers plan to show on Thursday how a Web worm could spread to a victim's system and then back to a vulnerable server.

Dubbed "hybrid Web worms," the attack brings together malicious JavaScript techniques, code obfuscation and the addition of a dormant program that only executes to infect vulnerable Web servers, researchers Billy Hoffman and John Terrill stated in a paper summarizing their Thursday presentation at the Black Hat Security Conference. The attack allows Web worms to break out of the virtual box that confines them to infecting users of only a single Web site, said Hoffman, lead researcher at SPI Dynamics, soon to be a subsidiary of Hewlett-Packard.

"It's like a seed," Hoffman said in an interview with SecurityFocus. "If the worm cannot spread between Web servers -- because of firewall rules, et cetera -- then it can wrap up a worm inside of JavaScript and infect other servers from the client."

Techniques for propagating malicious code among a Web site's visitors have worried security researchers since the Samy worm spread amongst MySpace users in October 2005. As researchers continue to discover more advanced JavaScript techniques, Web worms and other malicious browser-focused code will likely become more of a threat, Hoffman said.

Hoffman and Terrill will present their research on Thursday at the Black Hat Security Briefings in Las Vegas.

Posted by: Robert Lemos


