Huge traffic aggregators such as the majority of social networking sites,attract not only huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector -- and why not as a propagation one as well?ScanSafe just came up with some nice stats on the average number of social networking pages hosting malware - based on five billion web requests, there's one piece of malware hosted in 600 social networking pages :
"According to an analysis of more than five billion Web requests in July, ScanSafe found that on average, up to one in 600 profile pages on social-networking sites hosted some form of malware. The company also reported that the use of social-networking sites, often assumed to be popular only with teens, accounted for approximately 1 percent of all Web use in the workplace. “Social-networking sites have been newsworthy because of the concern over our children’s safety, but beyond unsafe contact with harmful adults, these sites are an emerging and potentially ripe threat vector that can expose children to harmful software,” said Eldar Tuvey, CEO and co-founder, ScanSafe. “Users are frequently subject to unwanted spyware and adware that can compromise their PCs, track online behavior and degrade PC performance.”
SpiDynamics recent research into Detecting, Analyzing, and Exploiting Intranet Applications using JavaScript , Hacking RSS and Atom Feed Implementations, and the countless web application vulnerabilities in popular portals turn this into a malware author's wet dream come true. You can also go through my key points on web application malware I made at the beginning of 2006, the "best" is yet to come.
Related resources and posts:
Malware
Malware Targets Social Networks - podcast
The Current State of Web Application Worms
Web Application Email Harvesting Worm
No comments:
Post a Comment