TechTarget

Cybercriminals use Web 2.0 to disguise malware

Cybercriminals are using the latest Web 2.0 techniques...

Cybercriminals are using the latest Web 2.0 techniques to inject malware in PDF and Flash files on the web.

Web security software firm Finjan has discovered disguised code embedded in HTML webpages on legitimate websites, and also in rich-content files.

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 websites."

Online ads and user-generated content on Web 2.0 websites are becoming more popular in directing users to malware-infected content files, said Finjan.

Finjan's first half of 2008 Web Security Survey Report says 46% of respondents said their organisation didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals' prefered attack technique.

Finjan says real-time content inspection is the optimal way to detect and block dynamically obfuscated code, and similar types of advanced cybercrime techniques. It analyses and understands the code embedded in web content or files in real time before it reaches the end-users.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close