NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0148 SSL technology used to hide and spread malicious code:
Secure connections, in which data is encrypted using Secure Sockets Layer (SSL) technology before being transmitted over the web, are increasingly being used to hide and spread malicious code, according to a report by Kaspersky Labs. Security analysts have long warned about the possibility of hackers exploiting encrypted SSL connections to sneak viruses and other malicious code past firewalls, antivirus software, and intrusion detection systems, but what is lending greater urgency to the issue now is the widespread use of SSL communications by banks, retailers, e-commerce sites, and email providers on the internet, said a Kaspersky senior technical consultant.
"A lot of people, when they go to a web site and see the picture of the lock on their browsers, assume the connection they have with the server is secure" and pay little attention to what data is being exchanged, he said. All that a secure connection is designed to do is verify the identity of the party with whom information is being exchanged and then use encryption to protect the information from being viewed or modified by a third party. There is usually little validation of the content being transmitted during such sessions.
As a result, rogue hackers can use the connections as a way to transmit and spread malicious code, including Trojan horse programs and email worms, on client systems and web servers, he said, noting that traditional antivirus tools and intrusion detection systems are inadequate because they are not designed to detect malware in an encrypted connection. Most antivirus vendors today offer web application plug-ins that allow the content in secure connections to be inspected, he added, but some applications, such as Microsoft Outlook and Microsoft Outlook Express, do not work very well with the plug-ins.
(www.computerworld.com 19MAR07)
Last Modified: Sunday, 29-Apr-2007 15:17:43 EDT