Widgets Are Prime Targets For Site Infection, Researcher Says

  /     /     /  
Publicated : 22/11/2024   Category : security


Widgets Are Prime Targets For Site Infection, Researcher Says


Popular third-party site elements could be single point of infection, according to Dasient



WASHINGTON, D.C. -- Black Hat DC 2011 -- Infect a popular home page, and you could infect thousands of users. Infect a popular widget, and you could infect thousands of websites.
Thats the approach that some malware authors might take in the future as they choose their targets, said security researcher Neil Daswani in a talk presented here earlier this week.
Widgets, which are used for a variety of purposes to speed site navigation on the Web, are becoming increasingly popular tools on virtually all sites, says Daswani, who is CTO for malware prevention service provider Dasient. While most sites use only a few, a major publisher such as a large daily newspaper could use as many as 80 or 100 at a time, he says.
The problem is that many widgets are delivered to websites by third parties that serve the same widget to many different sites. The most popular widgets are those used for audience measurement, such as Google Analytics, or for advertising, such as DoubleClick, Daswani says.
But widgets can be infected with malware, and infecting the right widgets could mean reaching millions of users on multiple sites, the researcher warns.
The compromise of just a few popular widgets can be used to turn the most highly trafficked websites on the Internet into distribution vehicles for malware, Daswani told Black Hat DC attendees.
If youre running an enterprise site need to take stock of all the widgets they are running, Daswani advises. Find out when they were put on your site and whether they have been vetted for security issues, and if so, when.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Widgets Are Prime Targets For Site Infection, Researcher Says