A huge majority of user-generated comments to blogs and forums are malicious.
Websense's biannual “State of the Internet” report revealed that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious. Websense Security Labs also identified a 233 per cent growth in the number of malicious websites in the last six months and a 671 per cent growth during the last year.
Looking at Web 2.0 security trends, the report found that the websites are increasingly being used to carry out a wide range of attacks, and claimed that "efforts to self-police these Web 2.0 properties have also been largely ineffective".
The report said: “Websense research during the period showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65 per cent to 75 per cent ineffective in protecting web users from objectionable content and security risks".
Patrick Runald, security research manager at Websense, described the 671 per cent upturn in detections as "an insane amount'.
Commenting on the amount of malicious user-generated comments, Runald said: “The bad guys are looking for opportunities and have used automated scripts to place the comments and hope that someone clicks on the links.
“I guess that they are confident that the spam is relevant to the content as otherwise people will not click on it, but it is not hard to do and it would have to be relevant to make the scam relevant.”
He also claimed that there needs to be a stronger approach by companies to content filtering, as "a black and white approach is not enough".
Runald said: “Content that is user-created is dynamic in its nature. If you look at traditional web filtering it will allow Facebook.com, but the problem is if you allow Facebook.com you allow everything in it. This is not enough and you need real-time security as you do not know what the content will be.”
See original article on scmagazineuk.com
95% of user-generated comments to blogs and forums are malicious
Asking users to report inappropriate content a "largely ineffective" method.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
.png&h=140&w=231&c=1&s=0)
Partner Content
Machine identity a key priority for organisations’ security strategies: CyberArk
.png&h=140&w=231&c=1&s=0)
Partner Content
Elastic's Open Source Strategy Drives Innovation and Expansion
Partner Content
AI Supercharged: How Search is Powering the Future
.png&h=140&w=231&c=1&s=0)
Partner Content
Ransomware targets Australian SME false sense of security
Sponsored Whitepapers
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
