December 6, 2006

Web 2.0 Online Dangers. Use The Web But Be Cautious

Many of us are screaming that Web 2.0 online services are important to leverage as they add much more functionality to online applications than traditional HTML based web sites. However, security vendor Trend Micro cautions that even though these new services are useful they still come with dangers.

AJAX, SOAP, Web Feeds, and Wiki's all have their threats.

Trend Micro educates us as follows on the following real world threats:

Samy / Spacehero

Samy is a cross-site scripting (XSS) JavaScript virus which targeted MySpace. It contained a payload that will display the string "but most of all, Samy is my hero," on a victim's profile.

Spacefish

This is an ActionScript worm which exploits a vulnerability in Flash and spreads via MySpace. It is activated when a logged on user checks a compromised user's "About Me" page. The worm will redirect to a URL with a Shockwave Flash (SWF) file which is responsible for extracting a JavaScript snippet from another location and executes it. The worm contains a payload which modifies the profile it affects to include the string "BY SPAIRLKAIFS".

Yamanner

Yamanner is a computer worm written in JavaScript which targeted a vulnerability in Yahoo Mail. It infects the systems of those users who opened the e-mails and sends the address book of the victim to a remote server. The malware was initially discovered on June 2006.

All of the replicating malware mentioned only spreads on the server side, though one uses a local vulnerability. No copy of the worm is resident on the user system.

0 comments