Who does not know Facebook and Twitter? Internet Users of this era would hardly be separated from the two events that cyberspace slang. Facebook and Twitter is the implementation of Web 2.0.
What is web 2.0? This is the latest generation of the most global of the web, where all web users can publish and receive information freely, to collaborate and socialize with each other. If the Web 1.0 era we can only access information only, with all its limitations, then the Web 2.0 we may share information we have, whether it comes from our own or from other sources. We also made possible directly interact with other web users.
With all the advantages that, no wonder if Web 2.0 makes a lot of people interested in using the Internet. Those who initially do not know the virtual world, became curious and wanted to try, because the Web 2.0 hype this attraction.
It's fun, even mencandui some people. The day just does not access Facebook or Twitter, it's no less. Unfortunately there are still many people do not realize that all the ease of sharing and accessing that information along with other threats, the malware that can also exploit the gaps that exist.
As we know, a variety of Web 2.0 applications are not only used at home, but also in the corporate environment. Means there are a lot of important company data that can be targeted by malware creators. Users do not realize that they become the target of attacks, because too cool to enjoy the many conveniences, not even cool to socialize expand friendships and business networking.
What's worse is that if users do not know if he would help the attack and also become its victim. From our virus lab, showed that social networks become increasingly popular target of malware authors. Each year, the number of malware samples associated with social networking multiplied over the previous year.
Brand-new concept offered by web 2.0 is changing the style of classic navigation becomes much more interactive. Even the users can keep in touch through the web 2.0 movement with a device such as mobile phones. Yes, this is such an understanding in which people constantly connected to each other with the web 2.0 as medium, and a variety of sophisticated devices that support. Anywhere, anytime.
Malware before web 2.0
Now we try to examine what makes the malware involved to make a web 2.0 as its main target. How does malware spread before the era of Web 2.0?
Trip computer viruses and malware is approximately equal to the travel information itself. In the past, the information is physically transferred from one computer to another using a variety of storage media. In the early 1980s, the information spreads through the network of personal data is expensive. Only then slowly began to be used by the network among businesses for email and information transmission. In the late 1990s, began to many cases of virus attacks on computers in the realm of personal and business, which usually attacks via email.
Without felt the World Wide Web so quickly developed into a very valuable platform for information exchange, global trade, and productivity of the workforce. Slowly but surely, we are aware that not all information can we share it to everyone. This is where we know that the information becomes very valuable, worthy only distributed to a particular party and become dangerous when leaking or damaged.
As long as it also emerged the so-called Era of the Internet worm, which attacks Code Red, Blaster, Slammer and Sasser to a number of corporate networks. Do not miss the Melissa virus that also attacked the email, and come through instant messaging or application of peer-to-peer. All targeted Microsoft, for so the operating system most widely used. They deal with all the attacks with the addition of a firewall, checkers run a number of mechanisms to mitigate the anti-worm. Users are also invited to diligently update of Windows security applications.
Why Web 2.0 Target Being Soft Malware and Cyber Criminals? In recent years, social networking site became one of the most popular source of information on the Internet. RelevantView and eVOC Insights predicts that in 2009 social networking sites used by 80 percent of Internet users around the world, which means more than one billion people.
The growth of this popularity is certainly known by the criminals krinimal cyberspace. So no wonder a number of sites become primary targets of malware and spam, in addition to a number of other crimes.
Social networking sites like Facebook, MySpace or Twitter, it has been riveting millions of Internet users, as well as cyber criminals.
As severe if the attack on this social networking? In January 2008, a Flash application called Secret Crush that contains links to adware programs are on Facebook. More than 1.5 million users downloaded it before realized by the site administrator.
Kaspersky Lab in July 2008 identified a number of incidents involving Facebook, MySpace and VKontakte. Net-Worm.Win32.Koobface. spread throughout the MySpace network the same way with the Trojan-Mailfinder.Win32.Myspamce.a, which was detected in May.
Twitter no less a target, in August 2009 when it was attacked by cyber criminals who advertise erotic videos. When the user clicks it, then automatically download the Trojan-Downloader.Win32.Banload.sco. LinkedIn also did not escape from malware attacks in January 2009, which tricked users for clicking on the profile a number of celebrities, but they've clicked a link to a fake media players. Later that month, YouTube became the target of malware.
July 2009 back to Twitter as a medium for modification New Koobface infections, worms which mempu hijack a Twitter account and transmitted through its news, and infect all the follower. All cases were only a part of so many cases the spread of malware across social networks.
The threat in the era of Web 2.0
End of 2008, Kaspersky Lab collected more than 43,000 malicious files associated with social networking sites. One of the most famous worm that attacked the social networking site is Koobface detected as Net-Worm.Win32.Koobface. This worm popular at about a year ago to attack Facebook and MySpace accounts.
The general structure to the web 2.0 attacks usually consist of three steps. First, the user receives a link from a friend enarik form of information, such as video clips. Second, users are asked to install certain programs to be able to watch the video. Third, once installed, the program silently steal user account and continue the same trick to other users
The method was similar to the way the worm spreads through email. The worm is distributed through social networking sites infects almost 10 percent successful. Koobface also provide links to fake antivirus programs such as XP Antivirus and Antivirus2009. Spyware programs also contain the worm code.
The threat to social networking sites is far more horrible than to email. Why? In addition to worm infection, the related accounts is also a victim of the botnet, and even the owner also affected. Botnets are able to steal user names and password, then spread the false message that can harm others, such as money transfer request. So who are victims of not only his account, but the owner of the account itself, and others who send false messages.
Weak side of human
One of the most important of attacks against Web 2.0 is the factor component of human weakness, especially when dealing with users who do not understand that his computer had been infected.
Social networking sites of today offer additional customization and functionality to share content-rich-featured personal, photo files, or multimedia with as many people as possible in cyberspace. This site allows users to share thoughts and interests with fellow friends and community. In general, users of social networking sites trust each other. This means that if they receive a message from his friend, it will immediately clicking away without suspicion that the message was inserted by malware.
Today many people believe that using a Web browser similar to go window shopping or go to the library in the real world. No one's going happen without their knowledge. Whereas on the Web, once we clicked the wrong link, or unintentionally, then the same meaning already let thieves or spies into our homes. Yes, thieves or eavesdroppers in the virtual world just as invisible in cyberspace.
Take for example, applications are often necessary penyingkat URL in Micro-blogging like Twitter. Because katakter message is only limited to 140 characters, then the user must use the application penyingkat URL when inserting a link to another site. Applications penyingkat URL such as TinyURL, Is.gd or Bit.ly will not show the actual URL name. Just enough information and links that have them concise.
Imagine if the user's account has been compromised botnet without knowing. Botnets will be using his Twitter account, post a "click my photo that this cute" and then followed by the URL that has been summarized, then his friends will instantly clicked. Malware contained in links that will bring the victim to another site that was already prepared to "trap".
Social networking sites like Facebook usually collaborate with other sites to be connected to each other. They are referred to as the third partition, aka third party after facebook itself, and its users. Many cases where the third partition would be used as vectors, aka "vehicle" of the attacker.
There are two questions we can ask to explore this issue. How many Facebook users add the application the third partition on her profile? How much they know about what is actually done by applications that third partition?
On paper, the experts say that Facebook and other social networks have to rethink how they design and develop application programming interface (API). It is said that social networking providers should be careful in designing the platform and API. They have heart-to-day with the technology used by the client side, such as JavaScript. The operator of social networking sites should have developers who are quite strict in the use of APIs, which are able to provide access to resources that only really associated with the system.
Any applications that run on social networking sites also should exist in an isolated environment to prevent the interaction of applications with other Internet hosts that are not participating in those sites.
Privacy Issues
Malware is not just the only problem when we talk about social networking sites. How personal data users can be safe is another question. Then, how hard we really protect ourselves and our data on social networking sites?
When evil people attack with a slick design, then the users need to improve standards of safety precautions. Advice such as "Do not open files received from unknown source" is no longer useful, because the activity of the attacks have been able to disguise the identity of the friend who we know well. This means we can not even trust the message or file that is sent our own friends.
It takes many layers of protection. Internet security solutions such as anti-malware is the best choice, but it is also necessary updates intense. Users should continue to increase alertness and level of security, because the attacker will also continue to expand the strategy.
Here are the evolution is happening on the web 2.0. First, Mobility. Both the content and the display to access it will be more mobile, so keterhantungan on the hardware to access and physical location would be reduced. The more varied platforms that will be difficult for malware authors use to break through. They will be difficulties about what operating system and hardware that will be used the user.
When evil people attack with a slick design, then the users need to improve standards of safety precautions. Advice such as "Do not open files received from unknown source" is no longer useful, because the activity of the attacks have been able to disguise the identity of the friend who we know well. This means we can not even trust the message or file that is sent our own friends.
One layer of protection that can be added to the browser is that to prevent exploits. Users should protect themselves from XSS worm with only allows executing JavaScript code from a trusted source. Users also should have a minimum share personal addresses such as phone numbers, home addresses and other personal information.
It is rather difficult to limit which ones can be divided and that is not on social networking sites. Basically everyone needs privacy in the wilderness of cyberspace. Do not we also be korbam classic phishing tricks, especially when it emerged a new site page when clicking on the third partition application that asks us to log-in to fill in name, and a number of other personal data. If we doubt over the authenticity of those pages, it's good we go back to the original page back up by typing www.facebook.com.
It takes many layers of protection. Internet security solutions such as anti-malware is the best choice, but it is also necessary updates intense. Users should continue to increase alertness and level of security, because the attacker will also continue to expand the strategy.
All the cases that we discussed above is only a beginning only. The attack on social networking sites now exist in a variety of levels, ranging from malware to phishing. Cyberspace criminals will use the vector to the web 2.0 is more and more for the sake of spreading dangerous applications. But the evolution of attacks to web 2.0 will be in line also with the evolution of Web 2.0 by itself.
Here are the evolution is happening on the web 2.0. First, Mobility. Both the content and the display to access it will be more mobile, so keterhantungan on the hardware to access and physical location would be reduced. The more varied platforms that will be difficult for malware authors use to break through. They will be difficulties about what operating system and hardware that will be used the user.
Second, localization and contextualization. Content and mobile interface to make service better for the user. All tailored to their needs. Cyber criminals inevitably would introduce a paradigm shift is to increase its attacks.
Third, interoperability. Social networking allows us connected to each other, then there must be security system built by the network and its users alone. This security problem can easily be improved if social networking was started to unify their services.
quoted from : kompas.com
