Recent worms and viruses targeting Web apps, like MySpace and Yamanner, didn’t have much impact, but may only be the tip of the iceberg. Researchers warn that the next iterations of these attacks—attacks that could, for example, be used to devastate the stock market—are imminent and could have catastrophic results.
“It used to be that attackers designed code to steal data from individuals—now they´re designing worms and viruses to spread across Web sites to steal data in larger quantities,” says Billy Hoffman, lead R&D engineer for SPI Dynamics. “The type of damage these things can do is growing and it´s only a matter of time before we see attacks we currently consider to be worst-case scenario.”
Though he labels recent Web malware payloads “silly,” Hoffman expects this to change—and soon. In a presentation at the Black Hat security conference, he outlined attack examples, including one that used Google to capitalize on multiple SQL injection vulnerabilities in different Web apps, and another he called “1929” in reference to the stock market crash.Read Full Story