Web 2.0 security risks scrutinized
Interactive elements have their downside: 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or malicious, a new report warns.
Web 2.0 sites that enable people to create content are increasingly used to carry out a wide range of attacks, according to a new security study.
Websense's State of Internet Security" (PDF), released Tuesday, notes that attackers are focusing their attention on interactive Web 2.0 elements. Some 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or contain malicious links, the security vendor warned.
"The very aspects of Web 2.0 sites that have made them so revolutionary--the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks--are the same characteristics that radically raise the potential for abuse," Websense said in its report.
Web 2.0 sites, the company added, comprise "many" of the most visited sites on the Internet. The top 100 most visited Web properties, tended to be classified as social-networking or search sites. Nearly half, or over 47 percent, of the top 100 Web sites support user-generated content.
At the same time, sites that allow user-generated content make up the majority of the top 50 most active distributors of malware. Over 60 percent of the top 100 Web properties either hosted malicious content or redirected users to malicious sites without their knowledge.
"With their large user base, good reputations and support of Web 2.0 applications, these sites provide authors of malicious code with abundant opportunity to easily reach a wide number of victims with their attacks," the report continued.
Meanwhile, efforts to self-police Web 2.0 properties have been "largely ineffective," Websense noted. The security company said its research during the first six months of 2009 indicated that community-driven security tools, which enable people to report inappropriate content, on sites including YouTube and BlogSpot are 65 percent to 75 percent "ineffective in protecting Web users from objectionable content and security risks."
According to Websense statistics, the number of malicious sites between January and June grew 233 percent over the second half of 2008, and 671 percent compared with the same period last year.
The security company also found that during the first six months of 2009, 78 percent of new Web pages with objectionable content such as pornography or gambling, contained at least one malicious link. Some 77 percent of Web sites with malicious code were compromised legitimate sites.
Vivian Yeo of ZDNet Asia reported from Singapore.