Web services are increasingly ... dangerous

With more and more users turning to check mail, paying and working with Web applications, cybercriminals began to cling to them to exploit account information and other valuable data.

Source: Security Labs In the past few weeks, turn to Yahoo's email service, Google's Orkut virtual forum, and eBay's PayPal online payment system, in turn, become targets of attacks. All three firms have acknowledged a security breach in their service and quickly overcome it.

The attacks came at a time when Microsoft, which had an operating system running more than 90% of the world's computers, had patched dozens of vulnerabilities in email, browser, and office software applications. .v ., a number of vulnerabilities can be considered a record.

It is also a thriving time for virtual social forums like MySpace.com and Web-based calendar and messaging services provided by Google and Yahoo and many other companies.

"The difficulty emerges the wisdom"

Of course, with users rushing to use Web-based services, hackers cannot ignore it. In their eyes, this is a fertile untapped land.

" They started to realize that there are tons of vulnerable scripts that are weak and easy to hack, " said Eric Sites, Sunbelt Software's vice president of research and development.

One of the most recent discoveries is the kind of attack on Orkut, the virtual social forum belonging to Google. The worm tricked members into clicking on a photo link, but secretly downloaded a malware. Data such as names and passwords, along with Windows files, often store information about the user's bank account that will be tracked by the malware and automatically sent to the worm owner.

" The bad guys are going one step further and becoming more and more dangerous. It's sad that it is an outstanding idea. Certainly in the future, we will witness many more cases like this. "Chris Boyd, security expert, discovered the worm on the comment.

The goal is inevitable

Previously, in October last year, MySpace.com, the forum had 88 million registered users, was attacked by a malware: Each member suddenly added millions of other people to his friends list. .

The incident caused MySpace to become overwhelmed and malfunctioning for a while, but more dangerous, it triggered a warning bell about the risk of Web applications / services being hacked.

Analysts say that hackers are struggling to find a new direction is inevitable, as computer users become more and more alert. They are hard-pressed to install and run security software and patches that are much more up-to-date.

" It can be said, we have forced them to" The tricky thing. "The hacker is trying to wriggle under the radar scan by breaking into new areas, where the guards are loose, " the director of the center. Symantec's security response said.

Rapid response

Another motive for hackers to look at Web services is the power and high mobility of Web programming languages, allowing the browser to function just like Word, Excel, etc. Here, a Yahoo worm attacked the faulty script in Ajax, alerting the birth of new-generation malware.

With this worm, users who do not need to click on the attachment will still get stuck, just if they open the file to read it. After that, the worm will send mail to all the names in the victim's address book and send them to a remote server, presumably for spam distribution.

However, unlike desktop applications, companies like Yahoo, Google and PayPal can quickly block these vulnerabilities. PayPal has fixed the problem almost immediately by modifying several lines of code on the server, blocking the possibility of the vulnerability being exploited.

Meanwhile, companies like Microsoft who want to patch their PCs must upload patches to the network. Users will download these patches and install them on the machine - a more time-consuming cycle.

Thien Y