Exploit code hiding in cache servers
Malicious code is living on weeks after it has been removed from websites thanks to an unexpected culprit: cache servers.
According to Finjan Software, which has just released its latest Web trends report, caching technology used by search engines, ISPs and large companies has been discovered to harbor certain kinds of malicious code even after the website that hosted it has been taken down.
Such "infection-by-proxy" code can remain in caches for as long as two weeks, giving it a "life after death" at a time it would conventionally be assumed to have been neutralized. Although caching does not always save copies of everything on a website, it will still store code embedded in html, including programming formats such as Javascript.
The company offered details of how code designed to exploit a number of vulnerabilities in Microsoft products from 2003 and 2004 was able to continue in the public domain thanks to it hiding in the cache servers of one of three unnamed search engines.
Although old, there is no reason why the same issue wouldn't apply to recent issues on an unlimited scale, depending on the nature of the code and the way it was buried within cacheable content. And code pointing to malware such as Trojans would remain because of the issue, raising the level of risk further.
"This is more than just a theoretical danger. It is possible that storage and caching servers could unintentionally become the largest 'legitimate' storage venue for malicious code," said Finjan's CTO Yuval Ben-Itzhak. "Almost every malicious website out there has a copy on a caching server," he told Techworld.
The services affected by the cached malware had been informed in August. "What our latest report shows is that current processes to remove such malicious content from the Web are simply not going far enough to combat this very serious and growing threat."
This type of threat counts as new, though there have been several instance of malicious code using search engines to spread in other ways. In May, a McAfee report claimed that search engines were now a major channel for the inadvertent spread of malware by returning infected sites in search results.
» posted by abennett
Techworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
