Web 2.0, AJAX Bring New Era of Threats

Malware attacks created using emerging Web development tools such as AJAX are expected to begin showing up more frequently, as writers of malicious code match the skills of their legitimate counterparts.

With the arrival of the Yamanner virus targeting Yahoo Messenger on June 13, industry analysts and security software vendors say the era of what might loosely be called Web 2.0 threats has arrived.

AJAX (Asynchronous JavaScript and XML), a technique that combines elements of the JavaScript and XML programming languages to allow Web site developers to speed the interactivity of their sites, can just as easily be used to help amplify attacks, experts agree.

The Yamanner worm uses AJAX to amplify and cloak delivery of its payload as it attempts to exploit a vulnerability in Yahoo Messenger’s JavaScript code. The JavaScript issue is a common cross-site scripting vulnerability, but the use of the Web 2.0 technology by Yahoo allows the worm to spread without user intervention, as AJAX is used to steal IM contact information and forward the threat to other accounts.

While there have been few high-profile manifestations of such threats, including Yamanner and a similar attack that shut down News Corp.’s MySpace social networking site in October 2005, it appears inevitable that more AJAX worms and other variations on the theme will appear.

“There’s a developer education issue that needs to be figured out before we get too far into the use of AJAX, to make it safer for everyone,” said Andrew Jaquith, an analyst with Yankee Group, in Boston. “It’s early in the game now, but these are likely to be the avenues that malware writers will be looking at and the most popular AJAX implementations will be the first targets.”

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internet’s Security IT Hub.

Interestingly, some of the earliest adopters of AJAX technology have been companies that have traditionally avoided high-profile attacks, such as Apple and Google, along with more frequent malware targets such as Microsoft and Yahoo. It will be incumbent on those firms to ensure that their applications have been thoroughly tested against Web 2.0 threats, Jaquith said.

Read the full story on eWEEK.com: Web 2.0, AJAX Bring New Era of Threats

Feeling stuck in self-doubt?

Stop trying to fix yourself and start embracing who you are. Join the free 7-day self-discovery challenge and learn how to transform negative emotions into personal growth.

Join Free Now

Picture of Matt Hines

Matt Hines

TRENDING AROUND THE WEB

4 zodiac signs who become more successful and rich with age

4 zodiac signs who become more successful and rich with age

The Blog Herald

9 situations in life where you should definitely seek a second opinion, according to psychology

9 situations in life where you should definitely seek a second opinion, according to psychology

Global English Editing

If you want to start every day feeling more productive and energized, say hello to these 8 morning habits

If you want to start every day feeling more productive and energized, say hello to these 8 morning habits

Personal Branding Blog

If you recognize these 5 signs, you have it in you to become rich and successful one day

If you recognize these 5 signs, you have it in you to become rich and successful one day

Small Business Bonfire

Was Jesus a shaman? Reclaiming the wild Christ

Was Jesus a shaman? Reclaiming the wild Christ

The Vessel

If you’re going through challenging times, these 6 habits will make you stronger

If you’re going through challenging times, these 6 habits will make you stronger

Jeanette Brown