Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Web 2.0 Sites Could Produce Malicious Code

Experts caution that Web 2.0-type sites such as 'Wikipedia' and 'YouTube' could have malicious code in their pages that could place business systems at risk. To avoid such dangers, firms need to have sophisticated 'content security solutions'.

In the opinion of Tom Newton, 'product manager' at 'SmoothWall', these sites would have no worth without 'user-generated content'. But they are not able to check all aspects of that content for malevolent code. For e.g., uploading executables may be hampered while users might allow embedding some mild HTML that can present exploits for Internet Explorer.

Sophos says when 'MSBlast' worm entered the German version of the popular online encyclopedia 'Wikipedia', an alert was circulated about the 'Lovesan/MSBlast' worm in its new version and that the site produced links to an assumed fix in early November 2006. The anti-virus vendor later reported that the version was actually a piece of malware.

Newton explains security tools that filter URL only would be ineffective on these kinds of attacks because users can no longer rely on a site by what displays in the address bar. Therefore, adds Newton, firms should employ more 'comprehensive, real-time scanning' technologies.

U.K. 'managing director', Chris Seth of social networking site 'Piczo' said that the company has various mechanisms to lessen risks. It also automatically checks to prevent entry of malicious code. There is a 'member services team' that scans the site's pages manually and tries to provide solutions to any alerts reported by users.

Newton further said that firms required 'perimeter anti-virus', 'internal firewalls', 'content filters' and 'limited user privileges'. The firm's Limor Elbaz emphasized on sites scanning all 'uploaded content' at the gateway entry point to diminish threats. Nigel Stanley of 'Bloor Research' called on 'behavioral-based anti-malware' with effective algorithms as the best way to detect and stop such attacks.

However, Gerhard Eschelbeck, 'chief technology officer' for 'Webroot', pointed that it was a difficult challenge to resolve because there were problems in defining malicious code and how much of it was acceptable. Further, blocking certain pages or sites is appropriate "at the end node" by an individual or organization.

Related article: Web Browsers Too Have Security Exploits

ยป SPAMfighter News - 12/5/2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page