Security Slideshow: Five New Web-Borne Security Threats
By Edward Cone | Posted 03-31-2009
In 2008, criminals moved from email (spam, viruses) to sophisticated web-based attacks. Targeting weaknesses in server-based applications such as blogging tools and client-side browser plug-ins, including Flash, has allowed malware to be installed when users simply visit a web page.
The number of malicious sites increased from about 1,000 per day in January 2008 to more than 5,000 per day by October 2008. Users of a global search engine provider recently were sent to a video site that instructed them to download and install a Flash Player update to view their video; the download was a new worm.
Social engineering remains an effective method of breaching security. One popular approach is to create a fake profile on a social networking site and use it to post malicious links and phish other users.
Phishing for authentic social networking accounts lets spammers post comments on other members' pages and send messages from the phished accounts. These messages are often used to distribute spam. A link within a message could redirect the browser to a page that, say, purportedly hosts a video. The user is directed to install a new codec, but downloads malicious software.
Big-name social networking sites offer users attractive applications to enhance their profile pages. Often these applications are built by third parties, and the security of their code is not monitored.
Upon downloading the application, an unsuspecting user can inadvertently insert malicious code onto their profile page, and therefore onto their computer and potentially their network.
In 2008, fake celebrity and royalty profiles began to appear on social networking sites. Since some companies use these sites for business, these fake profiles bring spoofing into the corporate environment.
Users received "buddy" requests from fake profiles. Traditional anti-spam solutions can't differentiate between these requests and genuine ones, so bad guys can get specific, private information about users and potentially gather enough information to formulate a targeted attack.
IT organizations researching open source code to address business or system needs may introduce viruses or Trojans to their desktop or network.
The maker of the leading open source browser recently discovered that a language pack on its official add-on page had been infected for months with rogue code. IT departments were at risk of infection from malicious Trojan horse code, seemingly accidentally embedded in the language pack. The virus's signature was unknown at the time, so the language pack passed the maker's testing of add-ons.