"If your e-reader includes a Javascript interpreter, you're boned. And as Javascript is part of the ePub standard, it's pretty much guaranteed to. Hell, if it displays the book cover you could be screwed."
Nope.
As scary as this scenario may be it falls apart once you look at the current state of the ebook market. Amazon, for example, doesn't allow the scripting that would be required for this. Nor does Apple. In fact Apple revised their rules to block Epub3 ebooks from gaining web access from iBooks, and that alone kills this idea.
But Charlie does bring up a point which has been worrying me since June. It's more than just spam ebooks; an Epub3 ebook is literally a website/app wrapped into an ebook file. If the reading app isn't adequately secured then it's entirely possible for a malware infected ebook to turn your smartphone/tablet into a bot.
Luckily this is the kind of thing that can be prevented be using a reading app that has adequate security. That is what I have been agitating for ever since I learned about this issue.
]]>