Web 2.0 security risks scrutinized

Web 2.0 sites that enable people to create content are increasingly used to carry out a wide range of attacks, according to a new security study.

Websense's State of Internet Security" (PDF), released Tuesday, notes that attackers are focusing their attention on interactive Web 2.0 elements. Some 95 percent of user-generated comments on blogs, message boards, and chat rooms are either spam or contain malicious links, the security vendor warned.

"The very aspects of Web 2.0 sites that have made them so revolutionary--the dynamic nature of content on the sites, the ability for anyone to easily create and post content, and the trust that users have for others in their online networks--are the same characteristics that radically raise the potential for abuse," Websense said in its report.

Web 2.0 sites, the company added, comprise "many" of the most visited sites on the Internet. The top 100 most visited Web properties, tended to be classified as social-networking or search sites. Nearly half, or over 47 percent, of the top 100 Web sites support user-generated content.

This is how Websense categorizes the Web and security risks.

(Credit: Websense)

At the same time, sites that allow user-generated content make up the majority of the top 50 most active distributors of malware. Over 60 percent of the top 100 Web properties either hosted malicious content or redirected users to malicious sites without their knowledge.

"With their large user base, good reputations and support of Web 2.0 applications, these sites provide authors of malicious code with abundant opportunity to easily reach a wide number of victims with their attacks," the report continued.

Meanwhile, efforts to self-police Web 2.0 properties have been "largely ineffective," Websense noted. The security company said its research during the first six months of 2009 indicated that community-driven security tools, which enable people to report inappropriate content, on sites including YouTube and BlogSpot are 65 percent to 75 percent "ineffective in protecting Web users from objectionable content and security risks."

According to Websense statistics, the number of malicious sites between January and June grew 233 percent over the second half of 2008, and 671 percent compared with the same period last year.

The security company also found that during the first six months of 2009, 78 percent of new Web pages with objectionable content such as pornography or gambling, contained at least one malicious link. Some 77 percent of Web sites with malicious code were compromised legitimate sites.

Vivian Yeo of ZDNet Asia reported from Singapore.

[askgees]

This is a waste of time. Why even write about it. This problem is the internets. ICCAN needs to be proactive regarding these issues. If a site is known for passing along malware then their domain reg. should be revoked. This is how you deal with these problems. Not by writing useless article or trying to put the burden on the bloggers. The web has no enforcement and is the biggest contributor to ID theft, malicious sites, spam and porn. The web needs to be enforced and reorganized.

[UsingUrBrainSinceUArent]

Good luck getting 200-some countries and their legal systems on-board.
Those damn "internets"!

The internet is what it is. It's arguably better than most of the neighborhoods we live in.

[krosafcheg]

You can't squeeze sand.

[DustyRomo]

Id have to agree that does indeed raise serious concern!

Jess
www.web-privacy.de.tc

[Miz_EM]

WebSense is a company that provides Internet filtering/blocking to schools and other enterprises. I think a study by an unbiased 3rd party would be more reliable, frankly.