Web 2.0 and Cloud Tech: A Spammers’ Paradise?


Web 2.0. Mashups. Cloud computing. User-generated content.

Those buzzwords represent some of the hottest technology trends today on the Web. But just as experts see enterprises and consumers making more use of those tools in 2009, they’re also warning that spammers and malware distributors will be doing the same.

Worse, those technologies may give spammers even more capabilities to wreak havoc during the coming year.

You can bet that increasingly sophisticated spammers will begin leveraging the cloud, rich Internet applications (RIA) and social-networking and content-sharing technologies in 2009, Stephan Chenette, manager of security research at Web security solutions provider Websense, told InternetNews.com.

And that’s a problem since businesses and end users are already wrestling with a deluge of spam and malware, and economic conditions that have IT projects stalled.

“The bad guys are winning, and, hopefully, the industry will work more closely together, cooperating more, communicating more, and sharing more information to fight them,” Chenette said.

Spammers will also continue to compromise legitimate Web sites, as they did recently with Adobe (NASDAQ: ADBE) and Business Week, so it could become more difficult to guard against them, Chenette said.

And they will distribute their command-and-control centers. That could make it more difficult to hurt them by taking out their nerve center — as happened with McColo and Atrivo/Intercage recently, when ISPs cut off access to those spammer-friendly hosts.

Threats in the cloud?

Websense gets its information from Threatseeker, a network of computers that scans 200 million Web sites every 24 hours, Chenette said. As a result, the company sees itself as being able to quickly detect emerging dangers online — and to anticipate threats still to come.

One such hazard is that the cloud will become a target for spammers, Chenette said. As spammers follow enterprises in migrating to the cloud, their transition could make it very difficult to block or shut them down because cloud service providers are considered trusted providers — the concept that forms the basis of the Internet and often encourages security filters and Web surfers to let their guard down.

For example, spammers leveraging the Koobface worm to urge users’ friends to visit infected sites on Google’s Picasa took advantage of the concept of trusted providers.

And with the proliferation of the cloud, spammers will find it becoming ever easier to ply their trade, he added.

“With Microsoft launching Azure recently and other players getting into the field, clouds will become even more cheap and competitive, and that will make it easier for spammers,” he explained. “They already deal with stolen credit cards and identity theft, and they’ll have multitudes of credit cards to hide their identities when setting up cloud accounts.”

Shutting down an account on a cloud host will not help because the spammers can easily open another account with another fake credit card. And spammers will also continue to leverage free e-mail services in the cloud like Google’s (NASDAQ: GOOG) Gmail, Microsoft’s (NASDAQ: MSFT) Hotmail and Yahoo (NASDAQ: YHOO) mail, according to Websense.

But the threats don’t end in the cloud.

From Web 2.0 to Spam 2.0

Mashups, which many vendors and enterprises love because they make it easy to build applications, are likely to become another big contributor to an increase in spam, Chenette said.

Much of the Web’s growth is due to the plethora of programmable Web APIs and PHP and JavaScript code and features available free on the Internet, Chenette said. “You don’t have to be a programmer now to create the coolest and most dynamic Web site on the Internet, you just have to be good at finding free code on other sites and mashing it up and putting it on your site.”

“So, you use JavaScript or PHP code or programmable Web APIs from these sites on your page that give you the coolest menu or forms, and this allows cross-domain functionality.” Spammers will increasingly embed malicious code in those functionalities, Chenette predicted.

Web 2.0 sites could become rife with danger, with many that rely on user-generated content likely to pose a problem as spammers exploit their content-sharing features, Chenette said.

For instance, sites like Facebook let users upload Web 2.0 applications with rich dynamic multimedia content such as Adobe (NASDAQ: ADBE) Flash and other RIA applications, and these could contain malicious code. Flash has been used heavily this year by spammers, who either include exploits in it or use it to redirect users to tainted sites that contain malicious code, Chenette said. And because Flash is available on a multitude of devices and operating systems, the potential scope of the problem could be huge.

“The problem with RIAs is that they’re cross-platform,” Chenette said. “You may think you’re protected because you run Linux, but Adobe’s statistics say 99 percent of Internet users have their programs installed on their machines, whether these run Windows or Linux.”

The difficulties could get worse as more RIAs are launched, he said.

“We’ll see further use of RIAs such as Google Gears and Silverlight,” Chenette predicted, adding that the number of legitimate Web sites that get compromised also will increase in 2009.

Often, the malicious code is hidden in advertisements on the compromised sites. “The business model for many Web 2.0 sites is that they make money by hosting advertisements, and they have no control over these third-party advertisements,” Chenette said — a fact that makes them likely to be abused by spammers.

Spammers evolving

Earlier this year, the clampdown on spam hosting that saw Atrivo/Intercage and McColo shuttered also sent worldwide spam levels plunging by 50 percent or more.

But spammers are nothing if not flexible, and reports are already suggesting that their efforts are again seeing new life.

“When the ISP was shut down, the spammers moved, and we’re predicting that in 2009 we’ll see many of the spam hosting ISPs move to foreign soil,” Chenette said. “Rumor has it that the command-and-control servers hosted by McColo have moved to the Ukraine, where the Internet laws and governance are not so strict as in the U.S.”

Command-and-control servers are the systems hosting the botnet software that spammers often use to create networks of infected PCs, from which they launch their spam and malware attacks. Relocating them to another host is just a question of moving the code over the Internet, Chenette said.

Tracking down and arresting spammers overseas is difficult because cooperation among law enforcement agencies is weak, although U.S. law enforcement agencies won a victory earlier this year when they indicted a Brazilian based in the Netherlands for selling botnets.

Another tactic spammers will increasingly use will be to distribute their servers among many small ISPs, rather than hosting them all with one large ISP such as McColo, Chenette predicted.

The solution for companies seeking to increase their security is to scan everything. “Social networking sites have changed the game, and it’s all about content now because Web sites host so many categories of content,” Chenette said.

“Scan and analyze everything to determine its content and validity.”
