Web 2.0 could lead to virus 2.0…



The last couple days, there’s been a virus spreading making use of yahoo mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all that was done was the user clicking on a malicious email and the virus ran. It appears that javascript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the Sans diary, they mention that they’ve analyzed javascript from several web applications and there are some that are vulnerable. (They’re contacting vendors.) They also point out web designers should keep this in mind as well..

The current worm could be readily modified to spread across many systems that do not escape javascript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.


The writeup on the yahoo worm gives the following details..

A Yahoo! mass-mailer is currently making the rounds with a subject of “[random word] New Graphic site”.

There is a good deal more that can be found at this link. Of course, turning of javascript kind of defeats the purpose of the mail interface. So that’s not a good workaround. They are working on a fix (already in the beta version) and are blocking many of the messages at this point.

Related Posts

Blog Traffic Exchange Related Posts
  • Network Security guide for the home or small business network - Part 2 - A Software Firewall Do I really need a hardware firewall? I'm running XP Service Pack 2 with the built in firewall? (or norton, or zonealarm?) Well, personal firewalls (the name that software firewalls go by) are good for a great many things that hardware firewalls AREN'T. They do have their limitations though and......
  • FBI / CIA virus Well... the media has taken the drab name of w32sober.X@mm or w32sober.x or w32sober.y, W32/Sober.AD-mm or any of those other drab names that we've been looking at the last week and dubbed the latest big virus, the FBI/CIA virus.... and it's gotten a lot of press the last few days.......
  • Modern Computer Viruses are almost NEVER from whom they claim to be from This is one that I've probably talked about before, but it's worth rehashing because of a call I had this afternoon. A customer had been receiving phone calls and email messages from folks asking that he stop sending them a virus. Essentially all of the viruses were claiming to be......
Blog Traffic Exchange Related Websites
  • Warning: Visiting This Site May Harm Your Computer Removal So you've just noticed that when you search for your website in Google, along with your standard listing you also have a message which reads "Warning Visiting This Site May Harm Your Computer". This article is all about *why* this warning appears, how to correct any issues with your......
  • Produce Visitors To Your Web Site And Lastly Start Out Earning An Income On-line Receiving readers aimed at your site is perhaps the most difficult part of internet website marketing. However, We have gave you a handful of methods you should choose to use produce targeted traffic aimed at your web. 1.       Target The Proper Keyphrases Steve Reese asserted keyword research can make or......
  • Protecting Yourself On The Internet Since its beginning in 1990 the online market place has revolutionised the way the world shares info. Unfortunately, it in addition has opened up a whole new world with bad people doing bad things. Illegal material hasn't been so easily available Big Dog Formula to tempt probably the most innocent......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site