Finjan, the provider of proactive web security solutions for businesses and organizations, has announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center.
In its Web Security Trends Report (Q3 2006), Finjan presents new findings related to malicious code found on storage and caching servers, as well as insights into trends related to sophisticated new threats that target Web 2.0 platforms and technologies.
The new report details Finjan’s discovery of malicious content residing in cached web pages on storage and caching servers, such as those used by ISPs, enterprises and leading search engines . “This malicious code can be referenced by third-party web pages and can be used to exploit an end user’s machine,” said Yuval Ben-Itzhak, Finjan’s Chief Technology Officer. “Even if the malicious site has been taken down, its malicious content is still stored and served by the caching servers. The exploit can result in the installation of Spyware, Trojans, and other malware that compromise a user’s privacy and identity.”
The report presents several instances of malicious code found by Finjan security researchers on public storage and caching servers . “This is more than just a theoretical danger,” Ben-Itzhak said. “Owing to this exploit, it is possible that storage and caching servers could unintentionally become the largest ‘legitimate’ storage venue for malicious code. Such ‘infection-by-proxy’ introduces new risks for businesses and consumers.” Ben-Itzhak noted that as the number of malicious sites continues to increase, it is important to raise users’ awareness regarding the potential dangers that may be lurking in cached web pages.
Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply “on the fly.” “Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this,” he said. “A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site.”