Oh it’s a depressing job being a tech journalist sometimes; all doom, doom, doom…and gloom. But then again what do you expect from spending all day talking to security vendors? That said, who am I to disagree with companies of the size and bottomless resources as Symantec, McAfee et al? Their men-in-white-coats in labs and bunkers around the world surely know more about the threat landscape than any fresh-faced IT reporter could. Yes, there is obviously an element of the hyping-up of a problem in order to make the solution more attractive, but sometimes not much work is needed in the spin department.

Tom Newton of SmoothWall told me of a potential problem in many of the newer “Web 2.0 sites” like YouTube and Wikipedia, that have sprung up in recent years and basically rely heavily on user-generated content. Unfortunately, this reason for much of their success could also be their downfall – an irony I’m sure the multi-talented Canadian crooner Alanis Morissette would appreciate – in that malicious code writers are able to upload onto these sites html capable of generating known exploits for Internet Explorer, say, or so-called drive-by installations. Then they wait, and wait, and wait some more until an unsuspecting member of the public navigates to that particular page or clicks on that particular hyperlink and becomes infected with something rather unpleasant.

These “passive attacks” are growing in number, says Newton, because there is no way that the administrators of these sites can possible check out every single piece of content that has been uploaded. Well, it’s probably time they found out a way, pretty soon, or they may come to regret it. And in the meantime we may see acceptable usage policies at work getting a lot stricter.