The vast majority of user-generated comments on blogs and forums are spam or malicious, while community-driven security tools are largely ineffective.
Websense's biannual “State of the Internet” report revealed that 95 per cent of user-generated comments to blogs, chat rooms and message boards are spam or malicious. Websense Security Labs also identified a 233 per cent growth in the number of malicious websites in the last six months and a 671 per cent growth during the last year.
Looking at Web 2.0 security trends, the report found that such websites are increasingly being used to carry out a wide range of attacks, and claimed that ‘efforts to self-police these Web 2.0 properties have also been largely ineffective’.
The report said: “Websense research during the period showed that community-driven security tools (asking users to report inappropriate content) on sites like YouTube and BlogSpot are 65 per cent to 75 per cent ineffective in protecting web users from objectionable content and security risks.”
Patrick Runald, security research manager at Websense, claimed that the 671 per cent rise in detections of malicious sites ‘is an insane amount’.
Commenting on the amount of malicious user-generated comments, Runald said: “We found that 95 per cent (of comments) are malicious that you do not want. The bad guys are looking for opportunities and have used automated scripts to place the comments and hope that someone clicks on the links.
“I guess that they are confident that the spam is relevant to the content as otherwise people will not click on it, but it is not hard to do and it would have to be relevant to make the scam relevant.”
He also claimed that there needs to be a stronger approach by companies to content filtering, as ‘a black and white approach is not enough’.
Runald said: “Content that is user created is dynamic in its nature. If you look at traditional web filtering it will allow Facebook.com, but the problem is if you allow Facebook.com you allow everything in it. This is not enough and you need real-time security as you do not know what the content will be.”