Just as firms are getting their heads around the opportunities offered by Web 2.0, they are faced with the threat of "Trojan 2.0", says web security firm Finjan.
Trojan 2.0 attacks use regular Web 2.0 technology and websites to exploit legitimate web services, said Finjan, which has monitored such attacks through its Malicious Code Research Center (MCRC).
Finjan said Web 2.0 technology and websites give attackers an easy and scalable command and control scheme.
In Finjan's latest quarterly threat report, Web 2.0 is said to be being used for the botnet delivery of spam, identity theft through keylogging, highly sophisticated financial fraud, corporate espionage, and business intelligence gathering.
"Criminals and attackers are arming their crimeware Trojans with new covert communication channels, designed to evade detection by traditional security products," said Finjan CTO Yuval Ben-Itzhak.
"Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises' existing security solutions."
He said, "The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats."