Virtualisation will play an important role in defending users of Web 2.0 technologies from malware attacks, it was claimed today.
Virtualisation is likely to become a key proactive defence against huge volumes of increasingly complex web-based attacks, Stefan Tanase of Kaspersky Lab told the ISSE 2009 security conference in The Hague.
Users will be able to run suspicious applications in a virtual sandbox so that if the application is malicious, their systems will not be harmed, he said.
The shift to virtualisation is being driven by an explosion of attacks that exploit the technologies and trusted environments created by social networking sites, he said.
Attacks that use social networking sites are ten times more successful than email-based attacks, research by Kaspersky Lab reveals.
Cybercriminals are exploiting the fact that people are much more likely to click on something if they think it comes from one of their social networking contacts, said Tanase.
Criminals are also exploiting the growing number of applications found on social networking sites because end-users cannot see the malicious code behind apparently legitimate applications.
A good example is a photo-of-the-day application on Facebook that was running JavaScript in the background to carry out distributed denial-of-service attacks, said Tanase.
Facebook has been slow to respond and although it has announced an application certification initiative, it is unlikely that all applications will be covered as it is costly for developers, he said.
Social networking sites and other websites are focussed on improving usability, but this does not go well with security, which is often overlooked or neglected, said Tanase.
The complexity of these attacks will continue to grow, he said, as cybercriminals tap into the same increasingly public information used for targeted advertising.
In the same way, criminals will be able to personalise attacks based on the interests or geographical locations of their intended victims, said Tanase.
The next step will be bulk, automated attacks of this kind, so users should be careful of what information they share, he said.