Q&A: Web 2.0 Security
by Mirko Zorz - Tuesday, 22 July 2008.
With rich websites that allow user-created content comes the problem of malicious users embedding malware into their pages on such services. How can Web 2.0 websites protect themselves from abuse?

From a developer's standpoint, knowledge is power. Knowledge and awareness of how attacks are carried out against Web 2.0 sites and following secure coding practices against those attacks are key to preventing them from happening. Never assume that your application is too small or that your system will not be targeted. Just as it only takes minutes for hackers to find a vulnerable, unpatched Windows PC to turn into a spam zombie and enlist it as part of a botnet, it is just as easy and just as certain that they will find and abuse vulnerable web applications too.

In your opinion, what kind of evolution can we expect when it comes to new attack vectors?

Unfortunately, malware has a bright future. The maturation of "Web 2.0" applications and services - with more software functionality pushed onto client systems and browsers - adds new vulnerabilities. Client systems are less protected than servers, making the larger footprint of Web 2.0 applications an inviting target. In addition, the tremendous profit potential of cyber crime has raised skill levels and created an entire criminal service industry devoted to stealing information or making money from stolen machines. Malware developers now write exploits rivaling commercial software in sophistication and quality, and their exploits are far more difficult to detect and clean.


Malware threats are fueling rapid growth in the worldwide market for defenses, with estimates ranging as high as 99% of networked systems used in business having some form of anti-malware defense installed. The annual growth rate for anti-virus software and services is forecasted to grow at 10.9% yearly from 2006-2013, climbing from $4.7 billion to $9.7 billion in annual global sales (Frost & Sullivan 2007, Worldwide Anti-Malware Products Market).

Copyright 1998-2013 by Help Net Security.