In an article on new data-theft techniques, Yuval Ben-Itzhak argues that by setting up accounts in trusted Web 2.0 sites, hackers can avoid current security features that prevent spyware from uploading stolen personal information.
In Web 2.0 and beyond, a stealthy Trojan on your PC will no longer need to send its stolen data to a malicious host server in the Third World. Rather, the Trojan will upload data to a MySpace page or another “trusted” Web 2.0 site that will not be blacklisted by URL filtering or reputation-based solutions. Once the data is downloaded from these sites, it is deleted. In essence, hackers could turn these sites into “safe harbors” for storing their stolen data.
This is an interesting downside to the read/write web that I hadn’t heard anyone articulate before.
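The gap the quoted passage describes, as an added example that is not from the article or this post: a reputation blocklist passes every request to a trusted site, while a per-client upload-volume check over the same constructed proxy log still surfaces the transfer. The log format, hostnames, blocklist entry and byte threshold are assumptions made up for illustration.

```python
from collections import defaultdict

# Constructed proxy log: client IP, method, destination host, request-body bytes.
SAMPLE_LOG = """\
10.0.0.5 GET social.example 0
10.0.0.5 POST social.example 420
10.0.0.7 POST social.example 1800000
10.0.0.7 POST social.example 2100000
10.0.0.9 POST dropzone.invalid 900000
10.0.0.9 GET social.example 0
"""

BLOCKLIST = {"dropzone.invalid"}  # hypothetical reputation feed entry
UPLOAD_LIMIT = 1_000_000          # assumed per-client, per-host byte budget for the window


def parse(log):
    """Turn each non-empty log line into a (client, method, host, bytes) tuple."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        client, method, host, size = line.split()
        records.append((client, method.upper(), host, int(size)))
    return records


def blocked_by_reputation(records, blocklist=BLOCKLIST):
    """Requests a URL/reputation filter would stop: destination is on the list."""
    return [r for r in records if r[2] in blocklist]


def upload_outliers(records, limit=UPLOAD_LIMIT, blocklist=BLOCKLIST):
    """Sum outbound body bytes per (client, host) for traffic the filter lets through."""
    totals = defaultdict(int)
    for client, method, host, size in records:
        if host not in blocklist and method in ("POST", "PUT"):
            totals[(client, host)] += size
    return {key: total for key, total in totals.items() if total > limit}


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("blocked:", blocked_by_reputation(recs))
    print("large uploads to allowed hosts:", upload_outliers(recs))
```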