News

Cybercriminals use Web 2.0 to disguise malware

Antony Savvas

Cybercriminals are using the latest Web 2.0 techniques to inject malware in PDF and Flash files on the web.

Web security software firm Finjan has discovered disguised code embedded in HTML webpages on legitimate websites, and also in rich-content files.

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 websites."

Online ads and user-generated content on Web 2.0 websites are becoming more popular in directing users to malware-infected content files, said Finjan.

Finjan's first half of 2008 Web Security Survey Report says 46% of respondents said their organisation didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals' prefered attack technique.

Finjan says real-time content inspection is the optimal way to detect and block dynamically obfuscated code, and similar types of advanced cybercrime techniques. It analyses and understands the code embedded in web content or files in real time before it reaches the end-users.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy