Yahoo worm demonstrates AJAX threat


The worm should be a wake-up call to software developers and Webmasters that more Java and AJAX exploits will be coming, according to a blog post by Michael Haisley, an incident handler for the SANS Internet Storm Center.

Web developers need to pay close attention to input validation and take reports of cross-site scripting holes more seriously, Hoffman said. Companies enamored of "gee-whiz" Web applications from Google should also think carefully and plan before porting business applications to the Web, he said.

"When you push business logic to the client side, you're allowing attackers to see data types and input ranges that hackers would ordinarily need a complicated disassembler to see," Hoffman said.
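The input-validation and client-side-logic points above, as an added example that is not code from the article or from the Yahoo application it describes: a server-side check that repeats the rules the AJAX client already shows to the user, plus HTML encoding before the value is rendered to other users. The field, its rules and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not from the article): server-side validation and output
// encoding for a field that an AJAX client submits, e.g. a webmail "display name".
// The field rules below are an assumption for illustration, not a real product's.
const NAME_RULES = { maxLen: 40, pattern: /^[A-Za-z0-9 .'-]+$/ };

// Validate on the server with the same rules the client enforces. The client-side
// copy of these rules is readable and bypassable by anyone who sends a direct
// request, so it is only a convenience for honest users, never a control.
function validateDisplayName(value) {
  if (typeof value !== 'string') return { ok: false, reason: 'not a string' };
  if (value.length === 0 || value.length > NAME_RULES.maxLen) {
    return { ok: false, reason: 'bad length' };
  }
  if (!NAME_RULES.pattern.test(value)) {
    return { ok: false, reason: 'disallowed characters' };
  }
  return { ok: true, value };
}

// Encode anything that reaches an HTML context, even already-validated values,
// so stored data cannot become script when a page is rendered to other users.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Server-side handling of a submitted field: reject invalid input with a 400,
// and encode what is accepted before it is embedded in markup.
function renderDisplayName(submitted) {
  const result = validateDisplayName(submitted);
  if (!result.ok) return { status: 400, body: `rejected: ${result.reason}` };
  return { status: 200, body: `<span class="from">${escapeHtml(result.value)}</span>` };
}

// Constructed sample inputs: a normal name, and markup that a client-side check
// would have stopped but a hand-built request can still send to the server.
console.log(renderDisplayName('Alice Example'));
console.log(renderDisplayName('<script>x</script>'));
```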