The open source encyclopedia project Wikipedia may be too open for its own good, judging from events of the past week. Following accusations of multiple instances of plagiarism on the site came the discovery of planted malware. Links to a bogus fix for the MS Blaster computer worm actually led readers to a fake Wikipedia page where they were duped into downloading a bypass for anti-spam software.
Think you have to compromise on security to save on costs? Think Again. Trend Micro™ Enterprise Security, powered by the Trend Micro Smart Protection Network™, can lower your content security management costs by up to 40%. Find out just how much you’ll save with our TCO Impact Calculator.
Fulfilling the predictions of many security experts, hackers have invaded a "social networking" Web site. The German version of the popular Wikipedia encyclopedia was used to post Web links that could spread malicious code.
Security software vendor Sophos reported Friday that links purporting to offer a fix to the MS Blaster computer worm led users instead to a bogus Wikipedia page. The links were in reality an attempt to spread malware that could bypass some anti-spam solutions.
The Wikipedia entry and links were removed, and no significant spread of the software was reported.
In the future, users can expect such attempts to grow more sophisticated and possibly more successful, according to IT-Harvest Chief Research Analyst Richard Stiennon, who called the Web 2.0 attacks "trawling."
"This is the first warning statement, and the MySpaces of the world need to wake up and review how people are posting stuff," Stiennon told TechNewsWorld.
In the past, hackers have taken advantage of Wikipedia's openness in order to make mischief, according to Sophos. Wikipedia users can create and modify live encyclopedia entries on the fly.
"The very openness of Web sites like Wikipedia, which allow anyone to edit pages, makes them terrific but can also make them less trustworthy," said Sophos Senior Technology Consultant Graham Cluley. "In this case, it wasn't just that the information posted in Wikipedia's articles was misleading -- it was downright malicious."
Although he called the posting of the malicious links on Germany's Wikipedia "the easy way to do it," Stiennon indicated that hackers will likely find new, improved ways to target Wikipedia, MySpace and other social networking sites.
Malicious efforts may affect these online destinations in the way that spammers damaged network news sites and e-mail 
in general.
"Now they're going to start hurting open, public arenas with trawling attempts like this," he said.
Users can minimize the danger of getting a malicious download or redirect by avoiding random links and using alternatives to Internet Explorer, such as Firefox, Stiennon said.
The latest antivirus and anti-spyware software can also help. Stiennon doubted whether or not the popular social networking sites -- which could collaborate with appropriate organizations that track and minimize malicious URLs -- would do much to improve security until they were significantly compromised.
The attack against Wikipedia was a proof of concept, said Stiennon, meaning that future efforts are likely to evolve as attackers attempt to profit from them.
Print Version
E-Mail Article
Reprints
More by Jay Lyman
Next Article in Security
|
Open Source Security Player Sourcefire Going Public October 31, 2006 
While Red Hat is the original open source IPO, Sourcefire's plans are further evidence of the winning combination of open source software and the commercial business model, 451 Group Senior Analyst Nick Selby said. "Sourcefire's success has been with a platform built entirely around open technology," he explained.
|
Related News Alerts
More by Jay Lyman
|
Open Source Developer Dumps Novell Over Microsoft Deal December 26, 2006 
A key open source developer, Jeremy Allison, who cofounded the Samba project, has resigned from Novell in protest over the company's recent agreement to enter a collaborative arrangement with Microsoft. The deal has created an uproar in the open source community because it does not treat all recipients of the GPL equally and thus violates the spirit of the license, critics say.
|
Financial Firms Tap Microsoft for Linux December 22, 2006 
Three major financial institutions are among the first companies to go to Microsoft for Linux services, provided through an agreement the software giant struck with Novell. Although a recent survey showed customer approval of the collaboration, many members of the open source community view Novell's move as sleeping with the devil.
|
Mozilla Beefs Up Security in Firefox 2.0 December 21, 2006 
Mozilla's latest update to its open source Firefox browser includes security measures targeting phishers. Phishing scams that use social engineering techniques to dupe Web surfers into revealing personal financial information have become an effective way for cybercriminals to conduct their nefarious activities on the Internet.
|
Get Business and Technology News Alerts
Most Popular | Spotlight Features | Exclusives
This Week on ECT News Network | Podcasts
WiFi Hotspot Locator 
Inside TechNewsWorld
|
Reader Services
|
Corporate
|
Headline Feeds
Talkback: 
