informa
Quick Hits

Widgets Are Prime Targets For Site Infection, Researcher Says

Popular third-party site elements could be single point of infection, according to Dasient
WASHINGTON, D.C. -- Black Hat DC 2011 -- Infect a popular home page, and you could infect thousands of users. Infect a popular widget, and you could infect thousands of websites.

That's the approach that some malware authors might take in the future as they choose their targets, said security researcher Neil Daswani in a talk presented here earlier this week.

Widgets, which are used for a variety of purposes to speed site navigation on the Web, are becoming increasingly popular tools on virtually all sites, says Daswani, who is CTO for malware prevention service provider Dasient. While most sites use only a few, a major publisher such as a large daily newspaper could use as many as 80 or 100 at a time, he says.

The problem is that many widgets are delivered to websites by third parties that serve the same widget to many different sites. The most popular widgets are those used for audience measurement, such as Google Analytics, or for advertising, such as DoubleClick, Daswani says.

But widgets can be infected with malware, and infecting the right widgets could mean reaching millions of users on multiple sites, the researcher warns.

"The compromise of just a few popular widgets can be used to turn the most highly trafficked websites on the Internet into distribution vehicles for malware," Daswani told Black Hat DC attendees.

"If you're running an enterprise site need to take stock of all the widgets they are running," Daswani advises. "Find out when they were put on your site and whether they have been vetted for security issues, and if so, when."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading: