Web 2.0 security: things to know about the social web

As more and more companies adopt Web 2.0 functionality, and the use of social networking as a business tool increases, there are definitely risks to be aware of. Websense CTO Dan Hubbard discusses how companies can protect their information from threats and compromise on the social Web.

Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web.

1) Most Web Posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware)

As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month, so users must be wary of clicking on links on these sites.

Additionally, just because a site is reputable doesn't mean it's safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently, and My.BarackObama.com was infected with malicious comment spam.

2) The Top Search Results from Google are Safe, Right?

Search engine poisoning is growing in popularity; cybercriminals use it to push links to Web sites carrying malicious code or spam up the search rankings. Many users assume that the top results are "safe," but in reality they are directed to infected Web sites. For example, in March, basketball fans who typed "March Madness" into their Google search bar and clicked on many of the top-ranking links were actually led to Web sites infected with "rogue antivirus" software (see number 3).

3) You're Really NOT Infected; Be Careful Before You Download That

In the past year, cybercriminals have increasingly used what's known as "rogue antivirus" to get information like credit card numbers and other private information from Web users. Typically, rogue antivirus authors use search engine poisoning to drive traffic to sites they own or have infected (as noted above). Often they post links on blogs and forums that link back to a malicious site under their control. When a user visits these Web sites, a window pops up warning them that their computer has been infected with malware. The user is prompted to pay money and download an "antivirus" software program to clean their system. In reality, the attackers have tricked the user into disclosing their credit card information to pay for the fake software and have successfully installed malware on the user's machine. One example is the well-publicized Conficker worm that infected millions of computers around the world. Some users with the Conficker worm observed a file downloaded onto their machine. Upon running the file, the user was asked to pay US$49.95 to remove the "detected threat."
