Hackers Focusing on Web 2.0 Sites (plus Comment)

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ITPro.

Please read further for my comments.

[snip]

Virus writers are turning their attention to social networking sites and
other user-generated content networks to steal personal information and
create botnets, according to an anti-virus expert.

Toralv Dirro, security strategist at IT security company McAfee's Avert
Labs research team said that over the last ten years the threat landscape
had changed beyond recognition and that hackers were now looking at
attacking new web 2.0-style sites as they were rich in sensitive data.

"Malware is getting more commercial. We expect new platforms and
applications to be attacked if there is any money to be made out of it," he
said. "As users can just about post anything, so can hackers. We have seen
many examples of profile pages containing malware that then get downloaded
by victims."

Dirro pointed to an example of a worm that attacked Wikipedia users
visiting a booby-trapped page created by hackers. The page was used to
trick users into downloading malware thinking it was fix for the Blaster
worm last year. It was just the start of a new trend in viruses.

"Web 2.0 sites are becoming more popular and I expect more worms to appear
on these sites," said Dirro.

[snip]

More:
http://www.itpro.co.uk/security/news/119549/hackers-focusing-on-web-20-site
s.html

Notes:

This should not really be news to anyone on this list.

We've been saying for over 10 years that JavaScript, in and of
itself, can be used for extremely evil shit. And since most of
the newer, mash-up-style Web "Uh-Oh' stuff uses AJAX and requires
users to open themselves up for JavaScript exploitation just to
experience the content.

Having said that, this particular message [in this article] is
something that I (and many others) have been saying for years --
and in fact led me to start calling some of the underlying
mechanisms in "Web 2.0" as "Web Uh-Oh" with regards to their
impact on network, and consumer, security.

I am in the process of writing a white paper on this topic
which I'll let you know about when it its completed, but in
the meantime I'll say this:

We (as the Internet-community-at-large) are doing a really fine
job of allowing our customers to be exploited by enabling the
very same technologies that deliver the very same "content-rich"
features that they want.

The real issue here is not that more "worms will appear on Web 2.0
sites", but rather, more worms and malware will appear which take
advantage of the fact that most users & consumers are ripe to be
exploited -- simply by the fact that if they protect themselves
properly against these types of exploits, they cannot enjoy the
"features" of this content-rich Web 2.0 Internet that we know
and love today.

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGlYbqq1pz9mNUZTMRAv/TAJ0Sw4KU3rOEOtjNTGolEyTkIbOxkgCcDV1N
KLuo4JdEbtEcir1KE5kNhVk=
=yzN3
-----END PGP SIGNATURE-----


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.