Web 2.0 Solution to Virus Problems
Is the Advent of User Generated Content Leading to Free AntiVirus SW
Sep 27, 2007
As long as there are computers, there is likely to be malicious software ('malware') which can transport itself through the Internet and cause damage to individual computers and large systems. Recently Web 2.0 front runner Blogger was hit by such an attack, leading to questions as to whether the service itself was compromised, potentially damaging Blogger's reputation in the process.
Luckily, the Blogger service was not compromised in any way, and the only people affected were those whose blogging accounts were temporarily hijacked, and their hapless readers - those that clicked the fatal link, in any event.
The Blogger Malware Problem
The sequence of events is reasonably well understood, and likely to happen again at some point in the future, if not with Blogger, then with some other Web 2.0 service. The general flow runs something like this...
- The blogger contracts email-aware malware as a trojan;
- The malware proceeds to spam their email address book with a message;
- The message contains a link, which the reader is invited to click;
- The address book contained an address that allows the blogger to blog from email;
- The message reaches all their readers.
Those readers scratching their heads need to be aware that with the advent of Web 2.0, which allows a higher level of interaction than ever before, people can update blogs from email, SMS, MMS, and, in the future, all kinds of additional connectivity options that we have not yet discovered.
The Anti-Virus Solution
Google dealt with the issue in its customary way -- offer something to help. The Blogger Buzz article that revealed the way that their blog2mail service had been abused pointed users to the Google Pack.
This marks something of a watershed. Google, it appears, realizes that user generated content and Web 2.0 is only going to fuel this kind of easy attack. It may have been a side-effect of a Trojan attack designed only to spam an address book, but it worried Blogger and Google enough to share the fact that they allow users to download the excellent Norton software for scanning and removing certain pieces of malware.
The Future of Anti-Virus
Perhaps the gravy train for anti-virus software companies is about to be derailed. As we hand ever more possibilities to the surfing public to create their own content, so we open the door ever more slowly to Trojan attacks.
From simple MySpace redirection hacks, to more sophisticated embedded scripting attacks through loopholes in server side scripting environments, it seems that the delivery of malware through these new channels.
Which leads to a simple conclusion - in order to protect their services from abuse, it is possibly up to the service providers to protect their users, and content generators from contracting malware in the first place. So, following Google's lead, maybe we are about to see the dawn of a new kind of free antivirus package, if only as part of a selfish plan to protect their own interests.
