Web 2.0 and Cloud Tech: A Spammers' Paradise? - Page 2

Page 2 of 2

Web 2.0 sites could become rife with danger, with many that rely on user-generated content likely to pose a problem as spammers exploit their content-sharing features, Chenette said.

For instance, sites like Facebook let users upload Web 2.0 applications with rich dynamic multimedia content such as Adobe (NASDAQ: ADBE) Flash and other RIA applications, and these could contain malicious code. Flash has been used heavily this year by spammers, who either include exploits in it or use it to redirect users to tainted sites that contain malicious code, Chenette said. And because Flash is available on a multitude of devices and operating systems, the potential scope of the problem could be huge.

"The problem with RIAs is that they're cross-platform," Chenette said. "You may think you're protected because you run Linux, but Adobe's statistics say 99 percent of Internet users have their programs installed on their machines, whether these run Windows or Linux."

The difficulties could get worse as more RIAs are launched, he said.

"We'll see further user of RIAs such as Google Gears and Silverlight," Chenette predicted, adding that the number of legitimate Web sites that get compromised also will increase in 2009.

Often, the malicious code is hidden in advertisements on the compromised sites. "The business model for many Web 2.0 sites is that they make money by hosting advertisements, and they have no control over these third-party advertisements," Chenette said -- a fact that makes them likely to be abused by spammers.

Spammers evolving

Earlier this year, the clampdown on spam hosting that saw Atrivo/Intercage and McColo shuttered also sent worldwide spam levels plunging by 50 percent or more.

But spammers are nothing if not flexible, and reports are already suggesting that their efforts are again seeing new life.

"When the ISP was shut down, the spammers moved, and we're predicting that in 2009 we'll see many of the spam hosting ISPs move to foreign soil," Chenette said. "Rumor has it that the command-and-control servers hosted by McColo have moved to the Ukraine, where the Internet laws and governance are not so strict as in the U.S."

Command-and-control servers are the systems hosting the botnet software that spammers often use to create networks of infected PCs, from which they launch their spam and malware attacks. Relocating them to another host is just a question of moving the code over the Internet, Chenette said.

Tracking down and arresting spammers overseas is difficult because cooperation among law enforcement agencies is weak, although U.S. law enforcement agencies won a victory earlier this year when they indicted a Brazilian based in the Netherlands for selling botnets.

Another tactic spammers will increasingly use will be to distribute their servers among many small ISPs, rather than hosting them all with one large ISP such as McColo, Chenette predicted.

The solution for companies seeking to increase their security is to scan everything. "Social networking sites have changed the game, and it's all about content now because Web sites host so many categories of content," Chenette said.

"Scan and analyze everything to determine its content and validity."