Drive-by Malware and Web Site Integrity
Are your sure some obfuscated piece of malware isn't lurking on your server? Are you sure your hosting service hasn't been compromised? In the age of drive-by downloads we have to wonder if our Web servers become compromised at any point.
Integrity checking with tools like Tripwire can help but if sites are frequently updated then an injected piece of malicious code can slip in under the radar along with legitimate changes.
Secure Computing Launches Domain Health Check reports on a domain integrity check service:
Those who request a Domain Health Check from Secure Computing will receive a report that provides a snapshot of their domain’s security reputation as it pertains to web and email traffic. Reputation scores are calculated based on behavior data captured in real-time by Secure Computing’s TrustedSource™ reputation service. Like a credit score, a reputation score indicates whether a site is in good standing, or if it may have been compromised and is being used in nefarious ways. As part of the report, participants will receive remediation tips that serve as a starting point for further action.
Not a bad idea if the service provider has the coverage to accurately measure traffic from your site.
One problem that needs to be over come is the that attackers will use multiple levels of obfuscation to hide malicious script code in HTML. An analysis of Web-based malware by Google describes some of the techniques used to prevent malware detection. Domain integrity checking isn't likely to catch these masked threats. So while domain integrity checks can be of some use, unless they are simulating browser behavior interacting with these sites, they're likely to miss a lot.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
