Subscribe
About

Web 2.0 threats evolve

Paul Vecchiatto
By Paul Vecchiatto, ITWeb Cape Town correspondent
Cape Town, 13 May 2008

Internet security threats are becoming increasingly financially motivated and the advent of Web 2.0 has led to a sharp increase in malware and Trojan attacks, says a Panda Security executive.

Joao Matos, Panda Security's regional director for Canada, Latin America, Portugal and Southern European, Middle East and Africa, says there is a compounded growth in the targeting of the attacks.

"Part of the reason is that criminals have seen that it is less of a physical risk to robbing someone via the Internet. However, they are also targeting their attacks against institutions and groups of people by monitoring their behaviour patterns to determine the best way to attack them," says Matos, who is visiting Panda Security's local franchise holder Panda Security SA.

He also points out that Trojans and bots are now freely available to anyone who wants to use them to attack an individual or organisation.

The growth of these malicious software bugs is staggering, Matos says. Figures from Panda Security show that in July 2006, it detected 120 000 malware applications and 50 000 Trojans. This had grown to 150 000 Trojans and 400 000 malware applications in August 2007.

Matos says Panda Securities argues that to defeat the Web 2.0 security threat, the collective intelligence in the "Internet Cloud" must be used.

Cloudy intelligence

"This means that scanning against some 4.8 million known infections must be done over the Internet using a system that is both fast and light on bandwidth resources and the systems must prevent the process of attack, rather than just the actual virus itself," he says.

The increasing use of Web 2.0-type attacks has worried security firms and organisations alike in recent years as many firms are now dependent on using Internet applications for a number of transaction purposes - not all of which are financial.

Last year, Web security firm Finjan released a report saying new Web 2.0 type attacks were taking advantage of the fact that users were now able to download and upload content to Web sites.

These attacks, Finjan said, are targeting Web sites to implant malicious code or using Ajax (Asynchronous Java Script and XML) to query forms and Web pages that are not indexed by search engines.

Related story:
Web 2.0 opens security holes

Share