Fulfilling the predictions of many security experts, hackers have invaded a “social networking” Web site. The German version of the popular Wikipedia encyclopedia was used to post Web links that could spread malicious code.
Security software vendor Sophos reported Friday that links purporting to offer a fix to the MS Blaster computer worm led users instead to a bogus Wikipedia page. The links were in reality an attempt to spread malware that could bypass some anti-spam solutions.
The Wikipedia entry and links were removed, and no significant spread of the software was reported.
In the future, users can expect such attempts to grow more sophisticated and possibly more successful, according to IT-Harvest Chief Research Analyst Richard Stiennon, who called the Web 2.0 attacks “trawling.”
“This is the first warning statement, and the MySpaces of the world need to wake up and review how people are posting stuff,” Stiennon told TechNewsWorld.
Open to Abuse
In the past, hackers have taken advantage of Wikipedia’s openness in order to make mischief, according to Sophos. Wikipedia users can create and modify live encyclopedia entries on the fly.
“The very openness of Web sites like Wikipedia, which allow anyone to edit pages, makes them terrific but can also make them less trustworthy,” said Sophos Senior Technology Consultant Graham Cluley. “In this case, it wasn’t just that the information posted in Wikipedia’s articles was misleading — it was downright malicious.”
Feeling the Hurt
Although he called the posting of the malicious links on Germany’s Wikipedia “the easy way to do it,” Stiennon indicated that hackers will likely find new, improved ways to target Wikipedia, MySpace and other social networking sites.
Malicious efforts may affect these online destinations in the way that spammers damaged network news sites and e-mail in general.
“Now they’re going to start hurting open, public arenas with trawling attempts like this,” he said.
Users can minimize the danger of getting a malicious download or redirect by avoiding random links and using alternatives to Internet Explorer, such as Firefox, Stiennon said.
The latest antivirus and anti-spyware software can also help. Stiennon doubted whether or not the popular social networking sites — which could collaborate with appropriate organizations that track and minimize malicious URLs — would do much to improve security until they were significantly compromised.
The attack against Wikipedia was a proof of concept, said Stiennon, meaning that future efforts are likely to evolve as attackers attempt to profit from them.