Posts Tagged ‘security’

Social web sites often easy pickings for phishers, malware writers

By Jeremy Reimer | Published: September 17, 2007 – 11:34PM CT

Social networking sites like MySpace and Facebook have become a regular part of many people’s daily Internet usage. Malware authors, who are always on the lookout for new and undefended avenues of attack, have noticed this and increased their attacks on social networking sites accordingly, since many of these sites are vulnerable to these attacks. According to the latest Symantec Internet Security Threat Report (PDF), a total of 1,501 vulnerabilities—61 percent of all security weaknesses studied—were found in web-based applications from January 1 to June 30 of this year. This is, however, a drop from 66 percent in the July to December 2006 period, which may indicate that social networking sites are improving—albeit slowly—their security procedures.

Prior to this decrease, Symantec had reported a rise in the proportion of Web application vulnerabilities, starting in the first half of 2004 and ending in the first half of 2006. This period roughly corresponds to the surge in popularity of social networking sites and “Web 2.0” in general. The exuberance over these then-new technologies left security considerations little more than an afterthought, not only for web site designers but for their users as well. Security attacks such as the WMF exploit on MySpace brought the issue to public attention, as did third-party security audits such as the Month of MySpace bugs.

Social networking sites are attractive to hackers not only because of potential security holes in the applications themselves, but also because the very nature of the site works as a way to spread attacks to more people. “In such a scenario, the attacker may use the legitimacy of the Web site to attract victims of subsequent attacks,” the Symantec report said. “Sites with large user bases, such as MySpace, have already been abused in this manner.”

Because the site is known and trusted, users are more likely to fall victim to unsolicited e-mails or invites and be tempted to download unknown attachments. Once a user has been compromised by a trojan, attackers gain access to personal information about the victim, including passwords to other sites, and can easily find other victims to attack via the user’s own friend lists.

The malware problem in general continues to grow. According to the latest report from security firm PandaLabs, there has been more malware detected in the most recent quarter than was found in all of 2000-2004, putting a strain on traditional key signature methods of malware identification. The number of virus-laden e-mails and phishing attacks is trending slightly downwards according to the latest data from MessageLabs, but this is more a function of increased targeting of attacks at specific people than a decrease in the number of attacks in general: the bad guys have had a busy harvest season collecting e-mail addresses and are trying to reap what they sowed as quickly as possible.


Google opens up malware blacklist API

By Jeremy Reimer | Published: June 19, 2007 – 11:00PM CT

Google employees Brian Rakowski and Garrett Casto from the Antiphishing and Antimalware Teams have announced that the company is opening up its Safe Browsing API to the public. The Safe Browsing API allows easy access to Google’s updated blacklist of suspected phishing and malware-infested web pages. The blacklists are the same ones used in Google’s antiphishing plug-in for the Firefox web browser, as well as Google Desktop.

Anyone with a Google account can sign up for an API key, which is a 58-character string used to authenticate the user. It also allows Google to disable access to certain users if they violate the terms of service agreement. Applications that use the Safe Browsing API must limit the number of times they poll Google’s servers for updates to the blacklists, which Google updates every 30 minutes. There is also a limitation on the number of users an application using the Safe Browsing API is allowed to service: the license agreement states that if more than 10,000 users are expected to send regular requests to the API, an e-mail must be sent to Google to lift the cap. In addition, applications that use the API are required to inform users that the service does not provide 100 percent malware protection.

Google has been working on making the web safer for Internet surfers for some time now. The recent purchase of the web security firm GreenBorder, combined with the opening of their Safe Browsing API to the public, shows that Google is serious about wanting to improve the public’s perception of the safety of the web, and in particular of web-based applications. The effort has not always gone smoothly. Google had to quickly patch their blacklisting software when it was revealed that some of the URLs it listed contained user names and passwords. Google maintains that the Safe Browsing API is still “experimental” and subject to change. The company hopes to improve the API in the future, making it easier for small developers to integrate it into their applications.

While the concept of a freely-available blacklist for known malware sites is a good idea, it does not remove all possible security threats. Legitimate web pages that have been compromised by hackers—such as the recent attacks on Italian web sites—can still compromise users’ computers if they have not fully updated their OS and third-party software.


Google crowdsources malicious web site detection to combat search poisoning

By Ryan Paul | Published: December 02, 2007 – 03:27PM CT

Earlier this week, Sunbelt Software issued a report describing how malware creators use sophisticated page redirect techniques and forum-posting bots to increase the ranking of web pages that propagate their viruses. In response to growing concerns about search engine poisoning and the presence of malicious web sites in the Google index, the search company is calling for users to help out by reporting web sites that attempt to distribute malware.

“Sunbelt Software has uncovered tens of thousands of individual pages that have been meticulously created with the goal of obtaining high search engine ranking,” wrote Sunbelt malware research team member Adam Thomas in a follow-up to the initial report. “For months now, our Research Team has monitored a network of bots whose sole purpose is to post spam links and relevant keywords into online forms (typically comment forms and bulletin board forums). This network, combined with thousands of pages [with redirects], have given the attackers very good (if not top) search engine position for various search terms.”

In a blog post on the company’s official security blog, Google representative Ian Fette writes about a new form that Google has created to facilitate malware reports. “Currently, we know of hundreds of thousands of websites that attempt to infect people’s computers with malware,” wrote Fette. “Unfortunately, we also know that there are more malware sites out there. This is where we need your help in filling in the gaps.”

Google’s simple badware report form allows users to input the URL of a malicious web site along with some details about the site’s behavior. Google will investigate sites reported by users and consider adding those sites to the company’s growing database. Sites that Google has marked as malicious will be flagged as such in search results so that users have adequate warning. Google is also making the contents of the database accessible to the public and third-party software developers with the Safe Browsing API, which is used by the antiphishing feature in Firefox 2.

Sunbelt followed up with an additional report yesterday noting that, although Google has successfully purged from its index many of the sites responsible for the recent search engine poisoning attack, new malware propagation sites with .cn domains are rapidly climbing in page rank. It will likely remain a war of attrition for the foreseeable future, but crowdsourcing should put the odds in favor of stopping the most prevalent malware sites.
