
Web Services Increasingly Under Attack

Security experts say that attackers are having to look for new avenues because users have become better at running security software and applying security updates.

"In some ways, we've forced them to be more clever because we've shut down the old means they had of infecting people," said Dave Cole, director of security response at Symantec. "What we see the attackers doing is trying to slide under the radar by moving into new areas where people's guards may be down."


Chris Boyd is seen at his home in Liverpool, England, on Wednesday, March 8, 2006. Boyd, a security research manager at FaceTime, discovered a worm attacking Orkut, Google Inc.'s social networking site. It spreads by tricking visitors into clicking on a link that promises photos. In fact, the link leads to a program masquerading as a picture that infects the person's PC. Once a computer is infected, it automatically e-mails banking details, user names and passwords to the worm's anonymous creator, according to FaceTime. (AP Photo/Dave Thompson)

Nick Ianelli, an Internet security analyst with the federally funded CERT Coordination Center, said criminals who once launched broad attacks by sending malicious e-mails to millions of people are finding it more effective to target smaller groups of people who congregate in online communities.

"If you can send e-mails to those addresses and make it look like it's one of their friends, the chances they're going to do what you want them to do is better," he said.

Also spurring the attacks is the growing power and flexibility of Web programming languages that allow Web browsers to look and act more like word processors, spreadsheets and other computer programs. The recent Yahoo worm targeted faulty scripts based on a technology called Ajax, or Asynchronous JavaScript and XML.

The worm didn't require a user to click on an attachment, making it more virulent than many. An undisclosed number of users got infected simply by opening an e-mail from another infected user. The worm then sent itself to others in a person's address book and transmitted those addresses to a remote server, possibly for junk e-mail, security researchers said.

The ability of Yahoo, Google and PayPal to quickly plug this month's holes highlights one of the differences between combating worms that target Web sites and those that go after flaws in software running on an individual's PC.

PayPal was able to roll out a fix almost immediately by altering several lines of code on its server, company spokeswoman Amanda Pires said. That blocked the ability to exploit a flaw that let cyber criminals intercept users who typed in a genuine PayPal Web address, security researchers say.

By contrast, companies such as Microsoft that plug holes on individual PCs have to get millions of users to download and install a patch, a process that's more time-consuming.

Over time, computer security experts said, Web site designers will get better at anticipating the ways their code can be exploited, but by then criminals are likely to move on to newer targets.

"The trend is definitely for blended attacks and leveraging different kinds of vulnerabilities to take the next step," said Rick Wesson, chief executive of Support Intelligence, which tracks online abuse for corporate customers. "The arms race is going to continue."



© 2006 The Associated Press