Hackers Targeting Web 2.0 Sites at Alarming Rate

Can’t get enough of Facebook? Love to post a comment or two on your favorite blogs? Guess what? Hackers and spammers love your Internet habits almost as much as you do and they’re turning it into quite a profitable little enterprise.

Social networking and user-generated content sites have become a haven for spam, spyware and phishers, according to the latest Internet security report from San Diego, Calif.-based security software maker Websense.

The report found that 95 percent of user-generated comments on blogs, message boards and chatrooms are either spam or malicious. Websense’s ThreatSeeker Network scanned more than 40 million Web sites and 10 million e-mails every hour over the past six months to compile its research report.

“The very aspects of Web 2.0 sites that have made them so revolutionary — the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks — are the same characteristics that radically raise the potential for abuse,” Websense researchers wrote in the report.

Recent spamming and phishing attacks at popular sites such as Facebook and Twitter underscore just how quickly hackers have caught on to the Web 2.0 tastes of Internet users.

Websense said of the top 100 most-visited Web sites, 47 percent support user-generated content. These open and largely unsupervised forums typically lack the security applications and processes needed to weed out the bad guys, the company said.

Sites that allow user-generated content make up the majority of the top 50 most active distributors of malware, and 61 percent of the top 100 Web properties either hosted malicious content or redirected users to malicious sites without their knowledge, Websense said.

“Websense Security Labs research also discovered that more than 200,000 phony copycat sites have been created, all including the terms Facebook, MySpace or Twitter in their URLs,” the report said. “These sites are created by fraudsters seeking to take advantage of the huge number of users on social networking sites.”

Further, Websense security experts said community-driven security tools on sites including YouTube and BlogSpot, which enable users to report inappropriate content, are 65 percent to 75 percent “ineffective in protecting Web users from objectionable content and security risks.”

The number of malicious sites between January and June grew 233 percent over the second half of 2008, and 671 percent compared to the same period last year. Also, 78 percent of new Web pages with objectionable content, such as pornography or gambling, contained at least one malicious link, and 77 percent of Web sites with malicious code were compromised legitimate sites.

“Spammers know where to go to get the most bang for their buck,” said Sam Masiello, director of threat management at McAfee’s MX Logic security team. “These botnets can get control of tens of thousands of machines in a short period of time. When they send out their spam messages, if they can get even a fraction of a percentage of recipients to purchase whatever they’re advertising they stand to make a nice profit.”

Sex is especially enticing to spammers. Fifty percent of Web pages with a link categorized as “sex” have at least one malicious link, according to the study.
