Web 2.0 and Cloud Tech: A Spammers' Paradise?
More sites and businesses are hopping onto the latest tech bandwagons. You can bet that the bad guys will be, too.
Web 2.0. Mashups. Cloud computing. User-generated content.
Those buzzwords represent some of the hottest technology trends today on the Web. But just as experts see enterprises and consumers making more use of those tools in 2009, they're also warning that spammers and malware distributors will be doing the same.
Worse, those technologies may give spammers even more capabilities to wreak havoc during the coming year.
And that's a problem since businesses and end users are already wrestling with a deluge of spam and malware, and economic conditions that have IT projects stalled.
"The bad guys are winning, and, hopefully, the industry will work more closely together, cooperating more, communicating more, and sharing more information to fight them," Chenette said.
And they will distribute their command-and-control centers. That could make it more difficult to hurt them by taking out their nerve center -- as happened with McColo and Atrivo/Intercage recently, when ISPs cut off access to those spammer-friendly hosts.
Threats in the cloud?
Websense gets its information from Threatseeker, a network of computers that scans 200 million Web sites every 24 hours, Chenette said. As a result, the company sees itself as being able to quickly detect emerging dangers online -- and to anticipate threats still to come.
One such hazard is that the cloud will become a target for spammers, Chenette said. As spammers follow enterprises in migrating to the cloud, their transition could make it very difficult to block or shut them down because cloud service providers are considered trusted providers -- the concept that forms the basis of the Internet and often encourages security filters and Web surfers to let their guard down.
For example, spammers leveraging the Koobface worm to urge users' friends to visit infected sites on Google's Picasa took advantage of the concept of trusted providers.
And with the proliferation of the cloud, spammers will find it becoming ever easier to ply their trade, he added. "With Microsoft launching Azure recently and other players getting into the field, clouds will become even more cheap and competitive, and that will make it easier for spammers," he explained. "They already deal with stolen credit cards and identity theft, and they'll have multitudes of credit cards to hide their identities when setting up cloud accounts."
Shutting down an account on a cloud host will not help because the spammers can easily open another account with another fake credit card. And spammers will also continue to leverage free e-mail services in the cloud like Google's (NASDAQ: GOOG) Gmail, Microsoft's (NASDAQ: MSFT) Hotmail and Yahoo (NASDAQ: YHOO) mail, according to Websense.
But the threats don't end in the cloud.