Speaking at the ongoing ShmooCon hacker convention on March 24, Billy Hoffman, lead research engineer at Atlanta-based software maker SPI Dynamics, detailed what he views as an epidemic problem in today's online world. SPI markets penetration testing tools that businesses use to ferret out security issues in their online sites and applications.
The issue was reported in security forums several months ago, and sent to CNN by researchers, but it still hasn't been fixed, Hoffman said.
Malicious-code writers are using the same techniques to create cross-site scripting threats -- malware attacks that inject code into end-users' browsers via holes in legitimate sites -- that mislead consumers into handing over their passwords and give hackers access to their personal information, according to the researcher.
In AJAX-bred Web tools -- which communicate information between backend servers and online applications without direct interaction from an end user -- malware authors have found a powerful technology for spreading their work and making off with valuable end-user data, without as much danger of being caught.