Hackers are now using social engineering to spread their viruses and malware. An entry about a new version of the blaster worm in the German version of the Wikipedia gave a link to a fix for the new variant. They then sent an e-mail directing to a supposedly valid Wikipedia download, except it contained malicious code designed to infect the downloader’s computer. Sophos intercepted these e-mails and reported to the Wikipedia editors, who immediately removed the articles in question.
Wikipedia is an example of how a Web 2.0 site is – an online site composed of people sharing content, mainly unmoderated, and often social interactions. Web 2.0, a buzz word coined by Tim O’Reilly in 2004, is heavily-reliant on a trust system. But that trust system can be exploited in such a way does raise the question: is it time to implement some form of policing in these Web 2.0 sites?
This isn’t the first time Wikipedia went under fire concerning their open policy. After important current events, pages related to the event get vandalized by conflicting reports and what counts as outright fabrications. It’s just too easy to social engineer people to download malware in their belief that these sites are safe. It used to be they limited their actions to Myspace, but it seems they might be migrating to other targets. If that’s the case it may be time to have all the files scanned before they’re uploaded, just like attachments in e-mail. They’d have to rely on scanning that might prove unreliable for catching new malware and viruses. But there’s no easy way to check all of the links leading out of the site. One possible answer would be to moderate any links before they are added to a page, but that means there should be a large group of editors or volunteers willing to monitor the stream of data. But can such a group be accepted by the rest of the community?
[tags]social engineering, wikipedia, malware [/tags]