Thursday, October 12, 2006

Exploit Code Hiding in Cache Servers?

John E. Dunn writes on NetworkWorld:

Malicious code is living on weeks after it has been removed from Web sites thanks to an unexpected culprit: cache servers.

According to Finjan Software, which has just released its latest Web trends report, caching technology used by search engines, ISPs and large companies has been discovered to harbor certain kinds of malicious code even after the Web site that hosted it has been taken down.

Such "infection-by-proxy" code can remain in caches for as long as two weeks, giving it a "life after death" at a time it would conventionally be assumed to have been neutralized. Although caching does not always save copies of everything on a Web site, it will still store code embedded in html, including programming formats such as Javascript.

More here.


Post a Comment

<< Home