Miscreants intent on wreaking havoc on corporate systems are now regularly using the latest Web 2.0 techniques to inject malware into PDF and Flash files on the web, according to recent research from web security specialist Finjan.

They are able to do so thanks to the increasing inclusion of Javascript in these and other multimedia file types. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by ads and user-generated content on Web 2.0 sites," said Finjan's chief technology officer, Yuval Ben-Itzhak. 

As a result, he says, Finan is regularly finding disguised code embedded in HTML web pages on legitimate corporate websites and also in rich-content files. The company's Web Security Report for the first half of 2008 found that 46% of organisations didn't have a Web 2.0 security policy in place. 

Finjan's security specialists advise that the best way to detect and block 'dynamically obfuscated' code and similar types of advanced cybercrime techniques is by using real-time content inspection techniques. These can be used to analyse the code embedded in web content or files in real-time before it reaches the end-user. 

Comments

There are currently 0 comments about this blog.

Leave a Reply

Name

Email Address

Your Website URL (please include http://)

Your Comment

type the text from the image