Warnings about threats and web viruses
Web worms and viruses could become a new threat to Internet users because of weaknesses in the security testing of browsers and web servers.
That is what security researchers warned at this year's Black Hat conference.
In pre-conference presentations, the researchers demonstrated embedding Javascript code in a web page to steal browser history information and scan intranet systems.
Specialists also showed how AJAX, a technology that increases the interactivity of websites, can be used to create web viruses capable of stealing users' personal information.
The threat appears
Experts warn that such threats are no longer theoretical but are being used in practice. These attack techniques have been used in attacks on MySpace and Yahoo users, said Billy Hoffman, lead research and development specialist at web security firm SPI Dynamics.
In the past year, the Samy worm spread widely in the MySpace user community. The worm uses Javascript and AJAX code to add a "MySpace member" named "Samy" to the friends list of each infected user.
This incident raised concerns that many similar scripts could spread widely within a website's user community. However, what appeared next was a worm that used Javascript code to exploit security flaws in the Flash and Windows Meta File (WMF) file formats to spread widely.
Last June, the Yamanner worm appeared and spread widely among users of Yahoo's free email service, collecting email addresses for sale to spammers.
The opening sign
Such attacks are only a sign of a new trend, Jeremiah Grossman, founder and chief technology engineer of WhiteHat Security, confirmed in his presentation about the dangers of Javascript at the Black Hat conference.
"We are returning to the early days of the email virus era. At that time everyone was just watching what viruses could do," Grossman said.
Grossman also demonstrated a technique for identifying the list of websites a user has visited, and showed that an entire internal network can be scanned using just Javascript, without exploiting any security flaw.
"We do not need to attack operating systems anymore. The necessary and sufficient conditions to conduct an attack are online," Grossman said.
The return of XSS
The emergence of web worms also marks the return of cross-site scripting attacks.
Cross-site scripting (XSS) is a popular technique for injecting malicious code into the pages a user views. It is commonly used by online phishers, script kiddies, and spammers.
XSS attacks can allow a malicious website to insert code into another website. In these attacks, users think they are interacting with a trusted site, but their interaction may actually be triggering malicious code from another website.
Cross-site scripting is fertile ground for attacks using Javascript and web worms, Grossman said. "If you don't want your site to become a malware distribution tool, then fix any XSS errors on your site."
Security is still lacking
A recent survey of social networking sites found that many of them have extremely dangerous XSS errors. These errors can be used to create web worms. In addition, there are few solutions for preventing XSS attacks; the simplest is to disable Javascript, Hoffman said.
Secure Sockets Layer (SSL) encryption not only fails to help against XSS attacks, but also helps them bypass attack detection tools.
Experts are also urging browser developers to fix the above security issue.
Users, for their part, need to be more aware of security issues and should install security applications on their systems.
Hoang Dung