One worm discovered in November 2006 launches a corrupt Web site without prompting after a user opens a media file in a player. Another program silently installs spyware when a video file is opened. Attackers have also tried to spread fake video links via postings on YouTube.
That reflects the lowered guard many computer users would have on such popular forums.
“People are accustomed to not clicking on messages from banks, but they all want to see videos from YouTube,” Rouland said.
Another soft spot involves social networking sites, blogs and wikis. These community-focused sites, which are driving the next generation of Web applications, are also becoming one of the juiciest targets for malicious hackers.
Computers surfing the sites silently communicate with a Web application in the background, but hackers sometimes secretly embed malicious code when they edit the open sites, and a Web browser will unknowingly execute the code. These chinks in the armor could let hackers steal private data, hijack Web transactions or spy on users.
For more on emerging cyber security threats, see this.