
You can't trust the internet, says Panda technical director

18 June 2010

After observing the IT security arena for around 20 years, Luis Corrons, Panda Security's technical director, has come to a simple conclusion – you can't trust the internet and, as a result, users should always be distrustful of everything they see on the web.

Corrons said that services like Facebook are allowing cybercriminals to create lures for internet users, causing them to infect their computers with malware. Facebook, he says, is the biggest social network, and in spite of the controversy caused by the (lack of) privacy of information, it doesn't stop growing.

"One of the easiest actions it enables is to say that you 'like' something and many websites have added this feature, in such a way that you can say that you like something just with a click as long as you're logged in to Facebook", he said in a security posting.

According to Corrons, the problem is that some simple JavaScript code can subvert the original purpose of this functionality.

"Imagine that I add to the PandaLabs blog an icon so that you can say that you like PandaLabs. You'll think that your Facebook account will [then] be updated with the information that you like PandaLabs", he said.

But, he added, it is possible to alter the Facebook code to do something else, such as posting a note saying: "Luis likes to know that he is a dummy."

Although this is clearly a joke, the Panda Security technical director says that the JavaScript could do something worse, such as inviting users to click on a link to win an iPad when, instead, the text that the other person wants will actually appear on Facebook.

The good news, Infosecurity notes, is that Corrons says his researchers have not yet seen any malware distribution using this attack methodology, but he hints that this could change. "My advice: be distrustful, don't trust anything and disable JavaScript in your browsers", he said.
