Widgets Are Prime Targets For Site Infection, Researcher Says

[Peaches]

Widgets Are Prime Targets For Site Infection, Researcher Says

Popular third- party site elements could be single point of infection, according to Dasient

Jan 21, 2011

Darkreading

WASHINGTON, D.C. -- Black Hat DC 2011 -- Infect a popular homepage, and you could infect thousands of users. Infect a popular widget, and you could infect thousands of websites.

Widgets, which are used for a variety of purposes to speed site navigation on the Web, are becoming increasingly popular tools on virtually all sites, says Daswani, who is CTO for malware prevention service provider Dasient. While most sites use only a few, a major publisher like the New York Times may use as many as 80 or 100 at a time, he says.

The problem is that many widgets are delivered to websites by third parties that serve the same widget to many different sites. The most popular widgets are those used for audience measurement, such as Google Analytics, or for advertising, such as Doubleclick, Daswani says.

But widgets can be infected with malware, and infecting the right widgets could mean reaching millions of users on multiple sites, the researcher warns.

Read more here: http://www.darkreadi...rcher-says.html