Jikto tool turns PCs into a JavaScript site attacker

Tuesday, 27 March 2007
A new tool called Jikto is extremely dangerous for overall internet security and can turn practically any PC into a deadly site-attacking device.
Jikto is a web scanner that looks for sites that are vulnerable to script injection and cross-site scripting attacks. Jikto is written in JavaScript and can latch onto any JavaScript-enabled web browser, irrespective of whether it runs on Windows, Mac or Linux. Once it has nested in a victim's web browser, it launches search and web application scan routines looking for cross-site scripting vulnerabilities and sends reports about its findings to the attacker without the user of the infected computer being aware of it.
Moreover, it can spread through the web by duplicating its code on websites vulnerable to cross-site scripting and nesting in the web browsers of visiting users.
Because Jikto is written purely in JavaScript, it doesn't require a client PC to be launched from, and it doesn't need to be installed either. It's extremely dangerous because it's highly infectious – a user only needs to visit a website to get infected by Jikto.
Recent examples of JavaScript exploits, like the one involving the Microsoft Live search engine earlier in March, have shown that JavaScript is becoming a more powerful tool for internet criminals.