Search Engine Caches could Host Malicious Exploit
Security firm Aladdin Knowledge Systems Ltd. simulated an attack on the website of a university and traced it to a 'poisoned cache'. Although the site where the attack originated had been taken offline, the malware from it continued to spread because it resided in the caches of a popular search engine.
The situation became even worse when the cached malicious software was able to dodge URL filtering solutions, which would block only the real URL and not recognize the one reached through the search engine's cached copy.
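A filter can close the gap described above by also checking hosts embedded in a request's query string, not only the host being contacted. The following Python is an added example, not code from Aladdin or from the article; the blocklist entry, the host names and the `q=cache:` URL layout are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed blocklist entry (assumption, not an indicator from the article).
BLOCKED_HOSTS = {"malicious.example"}

# Host-like tokens inside a query value, with or without a scheme prefix.
_HOST_RE = re.compile(
    r"(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I
)

def _is_blocked_host(host):
    """True if host is a blocked host or a subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def naive_blocked(url):
    """Filter as the article describes it: only the requested host is checked."""
    return (urlsplit(url).hostname or "").lower() in BLOCKED_HOSTS

def embedded_hosts(url):
    """Yield host names found inside decoded query parameter values."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        for match in _HOST_RE.finditer(unquote(value)):
            yield match.group(1).lower()

def cache_aware_blocked(url):
    """Check the requested host and any host wrapped in the query string."""
    host = (urlsplit(url).hostname or "").lower()
    if _is_blocked_host(host):
        return True
    return any(_is_blocked_host(h) for h in embedded_hosts(url))

# Constructed sample requests; the cache URL layout is hypothetical.
DIRECT = "http://malicious.example/page.html"
CACHED = "http://cache.search.example/search?q=cache:malicious.example/page.html"
ENCODED = ("http://cache.search.example/search"
           "?q=cache%3Ahttp%3A%2F%2Fmalicious.example%2Fpage.html")
BENIGN = "http://cache.search.example/search?q=cache:university.example/index.html"

if __name__ == "__main__":
    for url in (DIRECT, CACHED, ENCODED, BENIGN):
        print(naive_blocked(url), cache_aware_blocked(url), url)
```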
The vulnerability hints at what could happen with multifaceted attacks on the web in the future. Researchers at Aladdin's eSafe CSRT were able to use Windows Live Search, Yahoo! and Google to access cached replicas of web pages that had malicious code in them, said Ofer Elzam, director of product management for Aladdin. SCMagazine reported this on December 6, 2007.
The corrupt web page belonged to a university and carried malware that tried to download a number of different types of spyware and Trojans from the Internet. To exploit the flaw, an attacker needs to create malicious web pages at different hosting services, promote them among the hits on search engines and then withdraw the pages from the Internet to make it appear as if no threat existed.
The attack that Aladdin documented involved a network of interconnected websites and a cluster of 100 Trojan horses, of which 51 got past signature-based scanning systems. Code injection and 'cross-site scripting' attacks could also be triggered from cached websites.
According to Aladdin, malicious websites are dangerous threats on the Web today, be they phishing sites or those containing code that compromises vulnerable systems. Although ISPs take down such websites as they come to light, many of them seem to reappear again and again.
Search engines like Google and Yahoo! cache entries from time to time. Despite the benefits of this, a serious disadvantage is that the search engines don't remove malicious sites from their caches, which means people can still reach those sites through the cached copies.
» SPAMfighter News - 20-12-2007