Web 2.0 could lead to virus 2.0…



The last couple days, there’s been a virus spreading making use of yahoo mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the user clicking on a malicious email and the virus ran. It appears that javascript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the Sans diary, they mention that they’ve analyzed javascript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out web designers should keep this in mind as well..

The current worm could be readily modified to spread across many systems that do not escape javascript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.


The writeup on the yahoo worm gives the following details..

A Yahoo! mass-mailer is currently making the rounds with a subject of “[random word] New Graphic site”.

There is a good deal more that can be found at this link. Of course, turning of javascript kind of defeats the purpose of the mail interface. So that’s not a good workaround. They are working on a fix (already in the beta version) and are blocking many of the messages at this point.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 2 - A Software Firewall Do I really need a hardware firewall? I'm running XP Service Pack 2 with the built in firewall? (or norton, or zonealarm?) Well, personal firewalls (the name that software firewalls go by) are good for a great many things that hardware firewalls AREN'T. They do have their limitations though and......
  • The Great Cyberwar It went un-noticed by most people for a few years. After all, the ones that were affected were just those that were "asking for it". Where to start. Let's see, back in the day there were some that sent out messages to other peoples computers and even when people tried......
  • How to Remove Antivirus System Pro | Antivirus System Pro Removal Guide Last week I had the opportunity to remove Antivirus System Pro from not one, but two machines. Given that I was seeing it a bit more frequently I thought it might be a new rogue antivirus application, but I quickly found out that it's been out at least since June......
Blog Traffic Exchange Related Websites
  • Do I Really Need A Completely Free Spyware Removal Program? The need for an effective antispyware program has become an essential component to combat the online threat from adware. The large number of these types of adware software programs is a common pest for everyday people using the internet each day. Just as aeroplanes made the world a smaller place......
  • How To Adjust Web Hosting Devoid Of Downtime I am positive that if you are visiting this page, you will be interested in change web hosting. Changing from a single internet hosting provider to a different can cause downtime if you do not have the necessary abilities and experience. Here is a step by step guide to aid......
  • Creating Your Personal World Wide Web Banners Makes Sense Off! Banner ads are one of the most extremely popular and effective ways of internet advertising. Advertising online is economical for businesses of most sizes and empowers you to reach audiences worldwide in a way that isn't possible with any other media. Animated Banners Deliver Greater Answer Using an animated banner......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site