SECURITY

Wikipedia Hit By Web 2.0 Attack

Print Version
E-Mail Article
Reprints

By Jay Lyman
LinuxInsider
Part of the ECT News Network
11/07/06 8:14 AM PT

The open source encyclopedia project Wikipedia may be too open for its own good, judging from events of the past week. Following accusations of multiple instances of plagiarism on the site came the discovery of planted malware. Links to a bogus fix for the MS Blaster computer worm actually led readers to a fake Wikipedia page where they were duped into downloading a bypass for anti-spam software.


Improve Your Email Marketing
Our proven and powerful email marketing solution offers exceptional deliverability, detailed analytics, a robust feature set, and superior service and support. Learn how you can enhance your email marketing program today. Download a free trial!

Fulfilling the predictions of many security experts, hackers have invaded a "social networking" Web site. The German version of the popular Wikipedia encyclopedia was used to post Web links that could spread malicious code.

Security software vendor Sophos Latest News about Sophos reported Friday that links purporting to offer a fix to the MS Blaster computer worm led users instead to a bogus Wikipedia page. The links were in reality an attempt to spread malware Free Trial. Security Software As A Service From Webroot. that could bypass some anti-spam solutions.

The Wikipedia entry and links were removed, and no significant spread of the software was reported.

In the future, users can expect such attempts to grow more sophisticated and possibly more successful, according to IT-Harvest Chief Research Analyst Richard Stiennon, who called the Web 2.0 attacks "trawling."

"This is the first warning statement, and the MySpaces of the world need to wake up and review how people are posting stuff," Stiennon told TechNewsWorld.

Open to Abuse

In the past, hackers have taken advantage of Wikipedia's openness in order to make mischief, according to Sophos. Wikipedia users can create and modify live encyclopedia entries on the fly.

"The very openness of Web sites like Wikipedia, which allow anyone to edit pages, makes them terrific but can also make them less trustworthy," said Sophos Senior Technology Consultant Graham Cluley. "In this case, it wasn't just that the information posted in Wikipedia's articles was misleading -- it was downright malicious."

Feeling the Hurt

Although he called the posting of the malicious links on Germany's Wikipedia "the easy way to do it," Stiennon indicated that hackers will likely find new, improved ways to target Wikipedia, MySpace Latest News about MySpace and other social networking sites.

Malicious efforts may affect these online destinations in the way that spammers damaged network New HP LaserJet P4014n Printer Starting at $699 after $100 instant savings. news sites and e-mail E-Mail Marketing Software - Free Trial. Click Here. in general.

"Now they're going to start hurting open, public arenas with trawling attempts like this," he said.

Browser Beware

Users can minimize the danger of getting a malicious download or redirect by avoiding random links and using alternatives to Internet Explorer, such as Firefox, Stiennon said.

The latest antivirus and anti-spyware software can also help. Stiennon doubted whether or not the popular social networking sites -- which could collaborate with appropriate organizations that track and minimize malicious URLs -- would do much to improve security until they were significantly compromised.

The attack against Wikipedia was a proof of concept, said Stiennon, meaning that future efforts are likely to evolve as attackers attempt to profit from them.

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Jay Lyman   RSS

Related Resources

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]