Feeds

Infection-by-cache risk unearthed

Caches give malware longer life

Beginner's guide to SSL certificates

Malware housed on storage and caching servers, such as those used by ISPs, enterprises, and leading search engines, continues to pose a risk after websites containing malicious code have been pulled.

So says web security firm Finjan, which warns that instead of pointing users towards sites hosting malware, hackers could try to dupe users into visiting contaminated caches. The trick might be used to foil URL filtering products, it says.

"This is more than just a theoretical danger," Finjan chief technology officer Yuval Ben-Itzhak said. "It is possible that storage and caching servers could unintentionally become the largest 'legitimate' storage venue for malicious code. Such 'infection-by-proxy' introduces new risks for businesses and consumers where trusted web addresses become a potential distributor of malicious code - making URL Filtering solutions blind."

Finjan has published obfuscated examples of malware found on storage and caching servers to support its claims.

One well-known hacking tactic involved breaking into vulnerable web servers to install Trojan downloader code, which often takes advantage of browser vulnerabilities to download malware onto target PC (examples here and here). Finjan's point is that users visiting a cached copy of such (potentially mainstream) sites would be infected even if the main site pulled the malware. Search engines are not doing enough to flush their caches, it warns."

Finjan has sent search engines and service providers technical details of its discovery, uncovered by Finjan's Malicious Code Research Centre (MCRC) during its quarterly security trends analysis, and is continuing its dialogue with these firms in the hope of nipping the problem in the bud.

Finjan's net security report, which also discusses the increased use by hackers of Web 2.0 technologies to upload malware and the illicit trade in exploit code, can be found here (registration required). ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.