- advertisement -

Attacks using Web 2.0 will increase

What it is: Web 2.0 refers to user-collaborative sites such as FaceBook, MySpace, Wikipedia, YouTube and Second Life, which allow consumers to create the site's interactive content.

- advertisement -

Cybercrooks can hide malicious content in legitimate-appearing downloads, lure users off-site through fake profiles and links or create worms (self-replicating pieces of malicious code) aimed at a particular community.

Last year we saw the emergence of Web 2.0 threats, says David Cole, director of Symantec Security Response. The threats he says, will not disappear in 2007.

Myspace.com, for example, saw a "great deal of attacks in the last year," according to Paul Wood of MessageLabs. In some of those attacks, spammers create fake profiles of webcam girls and use software to blast "friend requests" (an alert that lets users screen invitations to become buddies with other users) to a targeted demographic -- say, males, 18 to 26. When those guys would sign in the next day they would see that a beautiful girl wants to be their friend, says Wood. The girl's profile would contain a trap, of course. Malicious code would be embedded in the profile or in links to the girl's webcam site. The webcam site itself might ask for credit card information or install malware on the viewer's computer.

Web 2.0
Here's a phishing message sent to another MySpace user using the site's messaging tool. Once the user clicks on the link, a fraudulent log-in page would appear, ready to capture log-in credentials and transmit the data to another Web site.

That may sound easy enough to avoid, but knowing when to trust a download or a link that sounds legitimate gets tricky. According to David Marcus, security research and communications manager for McAfee Avert Labs, users downloading audio and video files can inadvertently download password-stealing Trojans or bot software, which can be programmed to send spam, search for passwords or sit quietly until commanded to act.

What you can do: "Be careful of downloading popular file formats," says Cole. If you get a prompt to download a new Flash player to watch a video clip, go directly to the Macromedia's Web site and get the update there, he says.

He also cautions against installing "pseudosecurity products" when prompted by a site's security alert to protect your computer. They can be downloaders for adware and spyware, he says. Just say no.

Also watch out for links that lead you off-site. If you really want to visit another site, type the URL into your browser's address bar instead of clicking on the link, says Cole.

Marcus recommends saving any file you intend to play or share to a specific folder on your computer and scanning it first with anti-virus software.

Keep in mind, however, that you need only to view a Web page with malicious content to download something nasty to your computer. Cole recommends buying an Internet security suite with multiple layers of protection and keeping it up to date. Doing so should block most Trojans and other malware from downloading themselves to your PC.

6 types of Internet scams on the prowl:
Attacks using Web 2.0 sites will increase.
Malware will spread through instant messaging.
Volume of image spam will rise.
Phishing e-mails getting more sophisticated, targeted.
Botnets will grow in popularity among cybercriminals.
Phone threats will soon strike.
Bankrate.com's corrections policy
-- Posted: Feb. 22, 2007
Create a news alert for "saving"
14 must-know terms to protect computer
10 ways to thwart cyber criminals
Wipe hard drive clean or risk ID theft
Video: 5 myths about going green
5 myths about going green
Video: Ways to keep produce fresh

Compare Rates
30 yr fixed mtg 4.45%
48 month new car loan 3.77%
1 yr CD 0.89%
Rates may include points
  How much life insurance do I need?  
  Calculate your payment on any loan  
  What will it take to save for a goal?  
Begin with personal finance fundamentals:
Auto Loans
Credit Cards
Debt Consolidation
Home Equity
Student Loans
Rev up your portfolio
with these tips and tricks.
- advertisement -
- advertisement -