'Zombie' exploits cached by search engines
Over a year after first coming to light, the cache engines of major search
engines are still providing a safe hiding place for malicious code, a security
company has revealed.
The latest warning comes from security company Aladdin, which logged an attack
against a university website which was eventually traced back to just such a
'poisoned cache.' The originating site had been taken offline, but the code
from it was still able to spread by living on in the caches of a major search
engine.
To make matters worse, cached malicious code could circumvent URL filtering
systems because they would only stop the original site URL and not the site
as found via a search engine indexing it from cache.
Aladdin didn't specify the engine involved in the incident, but did say the
problem affected Google, MSN Live and Yahoo. According to Aladdin's Ofer Elzam,
cached pages could remain active for weeks and possibly even months, and would
remain in their original state until the cache algorithm refreshed its store.
"As I see it, they [search engines] have done nothing to solve it,"
he said of the problem. "It is they who are infecting the users. Do they
feel responsible?"
This type of cache poisoning was first noticed around four years ago, with
Israeli security company Finjan claiming last year that it was also to some
extent affecting ISP and enterprise caching systems.
"This is more than just a theoretical danger. It is possible that storage
and caching servers could unintentionally become the largest 'legitimate' storage
venue for malicious code," said Finjan's CTO Yuval Ben-Itzhak said at the
time. "Almost every malicious website out there has a copy on a caching
server."
The attack documented by Aladdin involved a nest of inter-linked websites,
and a swarm of over a hundred Trojans, of which 51 were not detectable by signature-based
scanning products. Advanced cross-site scripting attacks and code injection
could also be launched from cached sites, the company said.
» posted by abennett
Techworld.com
Build your tech library with our book giveaways.
Windows PowerShell 2.0 Unleashed
By Tyson Kopczynski, Pete Handley, Marco Shaw; Published by Sams
Windows PowerShell Unleashed will not only give you deep mastery over PowerShell but also a greater understanding of the features being introduced in PowerShell 2.0–and show you how to use it to solve your challenges in your production environment. Enter now!
Ubuntu Server Administration
By Michael Jang; Published by McGraw-Hill Osborne Media
Realize a dynamic, stable, and secure Ubuntu Server environment with expert guidance, tips, and techniques from a Linux professional. Ubuntu Server Administration covers every facet of system management -- from users and file systems to performance tuning and troubleshooting. Enter now!
