June 19, 2006

Malware attacks created using emerging Web development tools such as AJAX are expected to begin showing up more frequently, as writers of malicious code match the skills of their legitimate counterparts. With the arrival of the Yamanner virus targeting Yahoo Messenger on June 13, industry analysts and security software vendors say the era of what might loosely be called Web 2.0 threats has arrived.

AJAX (Asynchronous JavaScript and XML), a technique that combines elements of the JavaScript and XML programming languages to allow Web site developers to speed the interactivity of their sites, can just as easily be used to help amplify attacks, experts agree.

The Yamanner worm uses AJAX to amplify and cloak delivery of its payload as it attempts to exploit a vulnerability in Yahoo Messenger's JavaScript code. The JavaScript issue is a common cross-site scripting vulnerability, but the use of the Web 2.0 technology by Yahoo allows the worm to spread without user intervention, as AJAX is used to steal IM contact information and forward the threat to other accounts.

