Web 2.0 could lead to virus 2.0…



Over the last couple of days, a virus has been spreading by way of Yahoo Mail’s interface. Usually web mail is considered a fairly safe way to get email, but in this case all the user had to do was click on a malicious email and the virus ran. It appears that JavaScript/AJAX/Web 2.0 applications are going to have to get closer scrutiny. In the SANS diary, they mention that they’ve analyzed JavaScript from several web applications and that some are vulnerable. (They’re contacting vendors.) They also point out that web designers should keep this in mind as well.

The current worm could be readily modified to spread across many systems that do not escape javascript when displaying data from a foreign source. Many web developers should reexamine their code, and make sure that display functions do not deliver potentially malicious code.
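The point about display functions, as an added example that is not from the original post or the SANS diary: a webmail-style renderer that concatenates message fields into markup, beside a version that escapes them at output. The function names and the sample message are constructed for illustration.

```javascript
// Added example: unsafe vs. escaped rendering of untrusted message fields.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can start a tag, an entity or end a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// UNSAFE: fields from a foreign source go into the page as markup.
function renderMessageUnsafe(msg) {
  return `<div class="msg" title="${msg.subject}">` +
         `<h2>${msg.subject}</h2><p>${msg.body}</p></div>`;
}

// SAFE: each field is escaped where it is written out, so it is shown as text.
function renderMessageSafe(msg) {
  return `<div class="msg" title="${escapeHtml(msg.subject)}">` +
         `<h2>${escapeHtml(msg.subject)}</h2>` +
         `<p>${escapeHtml(msg.body)}</p></div>`;
}

// Review aid: list the element names a rendered string would create.
// Anything beyond the template's own div/h2/p came from the message.
function tagsIn(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
}

// Constructed sample: a subject that tries to close the title attribute
// and a body that carries an element with an event handler.
const sample = {
  subject: 'Hello" onmouseover="alert(1)',
  body: '<img src="x" onerror="alert(1)">',
};

console.log('unsafe tags:', tagsIn(renderMessageUnsafe(sample)).join(','));
console.log('safe tags:  ', tagsIn(renderMessageSafe(sample)).join(','));
console.log(renderMessageSafe(sample));
```

Escaping fits fields that are meant to be shown as text; a mail interface that has to render HTML bodies needs an allow-list sanitizer rather than escaping alone.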


The writeup on the Yahoo worm gives the following details:

A Yahoo! mass-mailer is currently making the rounds with a subject of “[random word] New Graphic site”.

There is a good deal more that can be found at this link. Of course, turning off JavaScript kind of defeats the purpose of the mail interface, so that’s not a good workaround. They are working on a fix (already in the beta version) and are blocking many of the messages at this point.
