MALWARE

Wikipedia Hit By Web 2.0 Attack

Print Version
E-Mail Article
Reprints

By Jay Lyman
LinuxInsider
Part of the ECT News Network
11/07/06 8:14 AM PT

The open source encyclopedia project Wikipedia may be too open for its own good, judging from events of the past week. Following accusations of multiple instances of plagiarism on the site came the discovery of planted malware. Links to a bogus fix for the MS Blaster computer worm actually led readers to a fake Wikipedia page where they were duped into downloading a bypass for anti-spam software.


Free WiFi Hotspot Locator from TechNewsWorld
Wondering where to find the nearest publicly available WiFi Internet access? Our global directory of more than 100,000 locations in 26 countries is a terrific tool for mobile computer users.

Fulfilling the predictions of many security experts, hackers have invaded a "social networking" Web site. The German version of the popular Wikipedia encyclopedia was used to post Web links that could spread malicious code.

Security software vendor Sophos Latest News about Sophos reported Friday that links purporting to offer a fix to the MS Blaster computer worm led users instead to a bogus Wikipedia page. The links were in reality an attempt to spread malware that could bypass some anti-spam solutions.

The Wikipedia entry and links were removed, and no significant spread of the software was reported.

In the future, users can expect such attempts to grow more sophisticated and possibly more successful, according to IT-Harvest Chief Research Analyst Richard Stiennon, who called the Web 2.0 attacks "trawling."

"This is the first warning statement, and the MySpaces of the world need to wake up and review how people are posting stuff," Stiennon told TechNewsWorld.

Open to Abuse

In the past, hackers have taken advantage of Wikipedia's openness in order to make mischief, according to Sophos. Wikipedia users can create and modify live encyclopedia entries on the fly.

"The very openness of Web sites like Wikipedia, which allow anyone to edit pages, makes them terrific but can also make them less trustworthy," said Sophos Senior Technology Consultant Graham Cluley. "In this case, it wasn't just that the information posted in Wikipedia's articles was misleading -- it was downright malicious."

Feeling the Hurt

Although he called the posting of the malicious links on Germany's Wikipedia "the easy way to do it," Stiennon indicated that hackers will likely find new, improved ways to target Wikipedia, MySpace Latest News about MySpace and other social networking sites.

Malicious efforts may affect these online destinations in the way that spammers damaged network news sites and e-mail in general.

"Now they're going to start hurting open, public arenas with trawling attempts like this," he said.

Browser Beware

Users can minimize the danger of getting a malicious download or redirect by avoiding random links and using alternatives to Internet Explorer, such as Firefox, Stiennon said.

The latest antivirus and anti-spyware software can also help. Stiennon doubted whether or not the popular social networking sites -- which could collaborate with appropriate organizations that track and minimize malicious URLs -- would do much to improve security until they were significantly compromised.

The attack against Wikipedia was a proof of concept, said Stiennon, meaning that future efforts are likely to evolve as attackers attempt to profit from them.

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Jay Lyman   RSS

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]