Cybercriminals are using the latest
Web 2.0 techniques to inject
malware in PDF and
Flash files
on the web.
Web security software firm Finjan has discovered disguised code
embedded in
HTML webpages on legitimate websites, and also in rich-content
files.
"Since JavaScript is the most-used scripting language for
communication with web browsers, third-party applications such as
Flash player, PDF readers and other multimedia applications have
added support for JavaScript as part of their application," said
Yuval Ben-Itzhak,
CTO of
Finjan. "This offers crimeware authors the opportunity to
inject malicious code into rich-content files used by ads and
user-generated content on Web 2.0 websites."
Online ads and user-generated content on Web 2.0 websites are
becoming more popular in directing users to malware-infected
content files, said Finjan.
Finjan's
first half of 2008 Web Security Survey Report says 46% of
respondents said their organisation didn't have a Web 2.0
security policy in place.
According to Finjan, code obfuscation remains cybercriminals'
prefered attack technique.
Finjan says real-time content inspection is the optimal way to
detect and block dynamically obfuscated code, and similar types of
advanced cybercrime techniques. It analyses and understands the
code embedded in web content or files in real time before it
reaches the end-users.