What it is: Web 2.0 refers to user-collaborative sites such as FaceBook, MySpace, Wikipedia, YouTube and Second Life, which allow consumers to create the site's interactive content.
Cybercrooks can hide malicious content in legitimate-appearing
downloads, lure users off-site through fake profiles and links or
create worms (self-replicating pieces of malicious code) aimed at
a particular community.
year we saw the emergence of Web 2.0 threats, says David Cole, director of Symantec
Security Response. The threats he says, will not disappear in 2007.
Myspace.com, for example, saw a "great deal of
attacks in the last year," according to Paul Wood of MessageLabs.
In some of those attacks, spammers create fake profiles of webcam
girls and use software to blast "friend requests" (an
alert that lets users screen invitations to become buddies with
other users) to a targeted demographic -- say, males, 18 to 26.
When those guys would sign in the next day they would see that a
beautiful girl wants to be their friend, says Wood. The girl's profile
would contain a trap, of course. Malicious code would be embedded
in the profile or in links to the girl's webcam site. The webcam
site itself might ask for credit card information or install malware
on the viewer's computer.
|Here's a phishing message sent to another MySpace
user using the site's messaging tool. Once the user clicks on the link, a fraudulent
log-in page would appear, ready to capture log-in credentials and transmit the
data to another Web site.|| ||
courtesy of Websense, Inc.|
may sound easy enough to avoid, but knowing when to trust a download or a link
that sounds legitimate gets tricky. According to David Marcus, security research
and communications manager for McAfee Avert Labs, users downloading audio and
video files can inadvertently download password-stealing Trojans or bot software,
which can be programmed to send spam, search for passwords or sit quietly until
commanded to act.
What you can do:
"Be careful of downloading popular file formats," says Cole. If you
get a prompt to download a new Flash player to watch a video clip, go directly
to the Macromedia's Web site and get the update there, he says.
He also cautions against installing "pseudosecurity
products" when prompted by a site's security alert to protect
your computer. They can be downloaders for adware and spyware, he
says. Just say no.
Also watch out for
links that lead you off-site. If you really want to visit another site, type the
URL into your browser's address bar instead of clicking on the link, says Cole.
Marcus recommends saving any file you intend to play or share
to a specific folder on your computer and scanning
it first with anti-virus software.
Keep in mind, however, that you need only to view a
Web page with malicious content to download something nasty to your
computer. Cole recommends buying an Internet security suite with
multiple layers of protection and keeping it up to date. Doing so
should block most Trojans and other malware from downloading themselves
to your PC.
||6 types of Internet scams on the prowl: