Man sneezing

When Web 2.0 sneezes everyone gets sick

Web 2.0 facilitates greater communication. But where consumers gather, so will the fraudsters and patterns are emerging on how fraudsters are utilising the weaknesses in social networks and Web 2.0.

Towards the end of the 2000s 'Web 2.0' was the talk of the Internet. And as we enter this new decade the popularity of social networking websites such as YouTube, Friends Reunited, Twitter, Facebook, LinkedIn and a whole raft of new online innovations that facilitate greater communication shows no signs of abating.

Web 2.0 is not just a consumer phenomenon. Organisations of all shapes and sizes have been quick to recognise its considerable potential to create a direct dialogue with their customers. Many of these customers will be workers, accessing social networking sites either from the office, or externally on a device belonging to the organisation, whether authorised or not. Yet, whilst the vast majority of the business media's spotlight has been pinpointed on the wasted work-hours resulting from employees using such sites for personal use, little focus has been placed on the genuine danger posed by Web 2.0-specific Cybercrime.

Rise of Web 2.0 malware

In 2007, when Web 2.0 was in its infancy, there were just over 10,000 malicious software samples reported to be spreading via social networking sites. This figure rose to over 25,000 during 2008 and the statistics for the last year will undoubtedly be significantly higher again, in line with an overall trend in malware growth rates. Currently, malware specialist Kaspersky Lab detects over 35,000 new threats each day.

So why are Web 2.0 attacks on the rise? It all comes down to economies of scale and effectiveness: cybercriminals will always go where the crowds are. Social networking sites have experienced exponential growth in usage - in fact it is estimated that around 80 per cent of all Internet users accessed social networking sites in 2009, equivalent to more than one billion people. The ever-entrepreneurial cybercriminals have been quick to identify this 'market' opportunity and the fruits of their labour - for example, stealing passwords and confidential information that can be sold or used for profit - have proven successful with malicious code distributed via social networking sites proving to be 10 times more effective than malware spread via email.

A Web 2.0 attack will typically comprise one or more social networking sites, a malicious website (often set-up for the purpose of extracting money from the unsuspecting visitors) and a victim. Web 2.0 attacks take advantage of technological factors - such as out-of-date or unlicensed software - as well as human traits, exploiting the trust, curiosity and sometimes naivety that is often associated with these seemingly 'friendly' social networking sites.

Summer of Koobface

Whilst the upward trend in the volume of Web 2.0 malware continues to rise, it was in the middle of 2009 that we witnessed a major milestone in the evolution of social engineering-based attacks. In fact, the activity reported during June 2009 by far exceeded any other month on record. The culprit was Koobface (an anagram of Facebook) that was discovered by Kaspersky Lab over one year ago, targeting Facebook and MySpace accounts.

Over 575 new variants of this worm were reported throughout June 2009, spreading through a legitimate user's account to their friends' profiles. Comments and messages sent by the worm would contain a link to a fake YouTube-style website which invited users to download a 'new version of Flash Player'. The worm, rather than a media player, would then be downloaded and, once infected, the user would unknowingly start spreading such messages to his or her friends. In the meantime, the functionality of the worm had been extended.

Koobface continues to evolve and has broadened its reach to include not only Facebook and MySpace, but also sites including Hi5, Bebo, Tagged, Netlog and Twitter.

One particular benefit of Twitter is its URL shortening services, which help users to keep their messages within the 140-character limit, while still being about to provide a link to an external website. In fact, approximately 26 percent of all tweets posted on Twitter contain shortened URLs. Cybercriminals have recognised that they can take advantage of obscuring the true URL from the reader in an attempt to lure them to malicious websites or spam websites. Currently, Kaspersky Lab scans nearly 500,000 new unique URLs that appear in Twitter posts every day, and of those, up to 1,000 are malware attacks.


Web 2.0 threats are becoming more common, creative and varied. For example, in December 2009 the Trojan program, Twetti, was identified. This Trojan works by creating a request to the application programming interface, which results in data on so-called 'trends' - i.e. the topics most discussed on Twitter. The data returned is then used to create an apparently random domain name, which the Cybercriminals have registered in advance having used a similar method, and a redirect to this domain is created. The main part of the malware will be placed on the domain. In other words, the malicious link and the redirect are created on the fly via an intermediary, which in this case happens to be Twitter.

It is inevitable that the risk of the Web 2.0 sites 'sneezing' will continue to increase as long as their popularity remains. However, this should not mean your company network gets sick.

An ongoing programme of employee education and awareness should be certainly be in place. The enforced adherence to an enterprise-wide Internet and email usage policy should be complemented by up-to-date security software for every device that connects to the network, and a software asset-management strategy that ensures only licensed and fully patched software is being used. Take these precautions you will give your organisation the best chance of remaining fit and healthy, while still reaping the many rewards of using Web 2.0 to drive your business forward.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them