Security experts have warned of malicious code residing
in cached web pages on servers used by ISPs, search engines and
businesses.
Web security firm Finjan identified several instances of
malicious code found on public storage and caching servers in its
Web Security Trends Report for third quarter of 2006.
Chief technology officer Yuval Ben-Itzhak warned, “This
malicious code can be referenced by third-party web pages and can
be used to exploit an end-user’s machine. Even if the malicious
site has been taken down, its malicious content is still stored and
served by the caching servers.”
He added, “The exploit can result in the installation of
Spyware, Trojans, and other malware that compromise a user’s
privacy and identity.”
Ben-Itzhak warned that storage and caching servers “could
unintentionally become the largest ‘legitimate’ storage venue for
malicious code”.
Finjan has provided technical details to ISPs and search engine
firms.
The third quarter report also points to new use of Web 2.0 and
Ajax (Asynchronous JavaScript and XML) technologies for malicious
activities. These technologies are designed to produce a better web
experience for Internet users, but Ben-Itzhak warned that they
could also provide new ways to propagate malware.