Cybercriminals use Web 2.0 to disguise malware


Cybercriminals use Web 2.0 to disguise malware

Antony Savvas

Cybercriminals are using the latest Web 2.0 techniques to inject malware in PDF and Flash files on the web.

Web security software firm Finjan has discovered disguised code embedded in HTML webpages on legitimate websites, and also in rich-content files.

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 websites."

Online ads and user-generated content on Web 2.0 websites are becoming more popular in directing users to malware-infected content files, said Finjan.

Finjan's first half of 2008 Web Security Survey Report says 46% of respondents said their organisation didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals' prefered attack technique.

Finjan says real-time content inspection is the optimal way to detect and block dynamically obfuscated code, and similar types of advanced cybercrime techniques. It analyses and understands the code embedded in web content or files in real time before it reaches the end-users.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy