Malware: The UndeadMalware: The Undead
Thanks to cache servers, some malicious code lives on - even after it has supposedly been eradicated
October 17, 2006

Is there life after death? If you're malicious HTML code, there might be.
Researchers at Finjan Software Inc. say they have uncovered several instances in which malware from previously disabled Web sites or pages has reappeared, served up by caching systems that don't recognize the trouble. "Such 'infection-by-proxy' introduces new risks for businesses," says Finjan's Malicious Code Research Center in its quarterly Web security trends report. "This is more than just a theoretical danger -- Finjan has already found such a scenario being used in the wild." ISPs, search engines, and large enterprises often create large stores of cached Web pages on their systems to provide backup when a Web page is unavailable or slow to load, Finjan observes. These duplicate pages live on, even after a malicious site has been taken down or quarantined. When the cached pages are served up, they carry with them whatever malware may have been attached to the original page via HTML or JavaScript. This malware can be used to install spyware or Trojan horses, even after the threat has supposedly been eradicated. "Traditional security solutions might not be effective against this type of threat," Finjan says. URL filtering technology, for example, might block the original malicious site, but caching sites are generally treated as legitimate, the researchers observe. Anti-virus technology may also fail to catch the problem, because some malicious Websites are taken down before their exploits have a chance to build a virus signature. Finjan advises enterprises and ISPs that use caching servers to perform periodic checks of their cached content using proactive, behavior-based security software. — Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023