Thursday, October 12, 2006

The Dead Hand of Malware: Cached Exploits Live On!

The very common practice of search engines and others "caching" web images is keeping malware alive and viable long after it has been disabled on the original website! The Techworld news website (linked above in the title of this post) reports on a Finjan report:

... caching technology used by search engines, ISPs and large companies has been discovered to harbour certain kinds of malicious code even after the website that hosted it has been taken down.

Such "infection-by-proxy" code can remain in caches for as long as two weeks, giving it a "life after death" at a time it would conventionally be assumed to have been neutralised. Although caching does not always save copies of everything on a website, it will still store code embedded in html, including programming formats such as Javascript.

The company offered details of how code designed to exploit a number of vulnerabilities in Microsoft products from 2003 and 2004 was able to continue in the public domain thanks to it hiding in the cache servers of one of three unnamed search engines.

"This is more than just a theoretical danger. It is possible that storage and caching servers could unintentionally become the largest 'legitimate' storage venue for malicious code," said Finjan’s CTO Yuval Ben-Itzhak. "Almost every malicious website out there has a copy on a caching server," he told Techworld.

Isn't this kind of like finding out that the CDC holds vials of smallpox virus? Except that the cached remains aren't under any security at all!
