Widgets or gadgets, as they have come to be known for PCs, have become an easy and quick way for Web sites to attract traffic, but their rise has been accompanied with a new form of Internet spyware. Malicious widgets capitalize on the user’s assumption that all Google widgets are moderated, and some argue they are not. At the Black Hat Hacker conference in Las Vegas, consultants from SecTheory and Cenzic security companies demonstrated how a simple looking gadget could access personal information through an Internet web browser. Sites that encourage users to jazz up their pages appear to be the prime targets for such malicious gadgets. But it doesn’t stop there. SecTheory and Cenzic believe that there are malicious widgets that steal information from other non-malicious widgets. Google discounts the SecTheory and Cenzic criticism. In a statement, Google retorts that the gadgets they distribute are regulated, and malicious gadgets are rarely found. When they are, the malicious widget is immediately
Facebook has also fallen prey to malicious widgets. Fortinet, another security firm, found a deceptive widget on Facebook called Secret Crush. The software promises to tell the user about a friend who is a “secret crush,” but really installs spyware. In an effort to assuage fears, in January Microsoft made it a high priority for Vista users to install Windows Sidebar Protection, a program that vets gadgets for possible malicious HTML code. When a malicious gadget is found, the icon is re-titled as a “bad gadget.”
As to whether malicious widgets will continue to be an invasive phenomenon in the hackers’ perverted and self-serving world, the jury is still out. However, it appears the front lines have been set.