Top Malware Threats: Cached malicious code and Web 2.0 platforms

By | October 12, 2006

Finjan, the provider of proactive web security solutions for businesses and organizations, has announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center.

In its Web Security Trends Report (Q3 2006), Finjan presents new findings related to malicious code found on storage and caching servers, as well as insights into trends related to sophisticated new threats that target Web 2.0 platforms and technologies.

The new report details Finjan’s discovery of malicious content residing in cached web pages on storage and caching servers, such as those used by ISPs, enterprises and leading search engines. “This malicious code can be referenced by third-party web pages and can be used to exploit an end user’s machine,” said Yuval Ben-Itzhak, Finjan’s Chief Technology Officer. “Even if the malicious site has been taken down, its malicious content is still stored and served by the caching servers. The exploit can result in the installation of Spyware, Trojans, and other malware that compromise a user’s privacy and identity.”

The report presents several instances of malicious code found by Finjan security researchers on public storage and caching servers. “This is more than just a theoretical danger,” Ben-Itzhak said. “Owing to this exploit, it is possible that storage and caching servers could unintentionally become the largest ‘legitimate’ storage venue for malicious code. Such ‘infection-by-proxy’ introduces new risks for businesses and consumers.” Ben-Itzhak noted that as the number of malicious sites continues to increase, it is important to raise users’ awareness regarding the potential dangers that may be lurking in cached web pages.

Another newly discovered web security threat centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities. While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods. “By targeting high-traffic web sites, hackers have found an easy way to achieve mass propagation,” Ben-Itzhak said. “By either embedding malicious code in hosted Web content or by using AJAX to query the ‘hidden web’, hackers can create ‘invisible’ attacks since the code is never revealed on the site.”

Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply “on the fly.” “Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this,” he said. “A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site.”
