Hackers Exploiting Vulnerabilities in Web 2.0 Technologies
Trend Micro Inc, a California-based Internet security providing firm, highlighted in its report "2007 Annual Threat Report and 2008 Predictions" that computer hackers are focusing on legitimate Websites to spread malware and to hack computers of those users who regularly visit these sites, as reported Metimes on February 25, 2008.
The report published in the last week of February 2008 revealed an astonishing fact that compromised legitimate Websites are gradually taking over malicious ones deliberately created to upload malicious programs onto the systems of unsuspected visitors. Hackers mainly target Websites that are very frequently visited by users like schools, banks, government organizations, and fortune 500 companies.
Second choice of attackers includes social networking Websites such as MySpace, Facebook, and blog sites where users post self-created content. The reason behind targeting these sites is inefficient security protection and dependence on "Web 2.0 technologies" like streaming media technologies and cross-site scripting, which are easy to break.
Cyber criminals are trying to exploit every vulnerability in the sites to successfully distribute spam, malware, and adware. Moreover, attackers harness personal information of users from their profiles on the sites and use it to device extremely targeted attacks.
Michael Whitehurst, Vice President, Global Support, Marshal, a manufacturer of e-mail and Web filter technologies, said that the conventional attacks are not much fruitful and give fewer advantages to attackers while attacks on social networking sites last longer and gives many benefits. Moreover, attackers can also ask ransom for pilfered data from the sites and can play with sympathies of people, as reported by Reseller on February 25, 2008.
According to Trend Micro's researchers, the top-listed malware worms last year were the imitation of malicious software called Gaobot.df and Spybot.is, which corrupted the connected with USB. North America alone produced 50% of total infection threats while the Asian region experienced moderate rise of 40% in infections originating from this region last year.
Besides, attackers made top e-commerce and global auction Website e-Bay their target, along with its companion financial Website, PayPal. Apart from this, phishers also targeted North America-based financial organizations and carried out significant number of phishing attacks in 2007.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 05-03-2008