Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Over the past couple of years, cybercriminals have increasingly focused on finding ways to inject malicious code into legitimate websites. Typically they’ve done this by embedding code in an editable part of a page and using this code to serve up harmful content from another part of the Web. But this activity can be difficult to spot because websites also increasingly pull in legitimate content, such as ads, videos, or snippets of code, from outside sites.

Now a researcher at Websense, a security firm based in San Diego, has developed a way to monitor such malicious activity automatically.

Speaking at the RSA Security Conference in San Francisco last week, Stephan Chenette, a principal security researcher at Websense, detailed an experimental system that crawls the Web, identifying the source of content embedded in Web pages and determining whether any code on a site is acting maliciously.

Chenette’s software, called FireShark, creates a map of interconnected websites and highlights potentially malicious content. Every day, the software maps the connections between nearly a million websites and the servers that provide content to those sites.

“When you graph multiple sites, you can see their communities of content,” Chenette says. While some of the content hubs that connect different communities could be legitimate–such as the servers that provide ads to many different sites–other sources of content could indicate that an attacker is serving up malicious code, he says. According to a study published by Websense, online attackers’ use of legitimate sites to spread malicious software has increased 225 percent over the past year.

Even legitimate hubs can pose a threat, however. In September, for example, the New York Times acknowledged that online criminals, masquerading as legitimate advertisers, had placed content on its site via an advertising network.

Attacking a network of this kind can be far more lucrative than attacking any single site. “Let’s suppose that the site’s security is top-notch. How can a malicious attacker get to the user?” Chenette says. “An ad network would be a fine choice.”

3 comments. Share your thoughts »

Credits: Websense

Tagged: Computing, Web, Internet, cyber attacks, cybercriminals, Internet Security, malicious code

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me