Cybercriminals use Web 2.0 to disguise malware

Cybercriminals are using the latest Web 2.0 techniques to inject malware in PDF and Flash files

Cybercriminals are using the latest Web 2.0 techniques to inject malware in PDF and Flash files on the web.

Web security software firm Finjan has discovered disguised code embedded in HTML webpages on legitimate websites, and also in rich-content files.

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 websites."

Online ads and user-generated content on Web 2.0 websites are becoming more popular in directing users to malware-infected content files, said Finjan.

Finjan's first half of 2008 Web Security Survey Report says 46% of respondents said their organisation didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals' prefered attack technique.

Finjan says real-time content inspection is the optimal way to detect and block dynamically obfuscated code, and similar types of advanced cybercrime techniques. It analyses and understands the code embedded in web content or files in real time before it reaches the end-users.

Read more on Hackers and cybercrime prevention

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...