Web Cache Flaw Found In Websites, Firefox to Launch Attacks, DDoS

A researcher recently found that the web cache infrastructure in front of websites can be abused to infect visitors with malware or to turn them into a vector for spreading it. The vulnerability is not specific to any particular technology or website; the researcher exploited it to hack into unspecified major sites and platforms, including a U.S. government agency, a video game, an investment firm’s platform, and several online stores. A separately discovered API vulnerability in Mozilla Firefox’s web cache for plug-ins can be used in distributed denial-of-service (DDoS) attacks and for other malicious purposes.

Web caches sit in front of websites and store responses so that later visits, especially to frequently visited sites, can be served from the cache instead of from the live origin. This layered cache and delivery infrastructure is common in today’s applications, but it can also be abused to deceive visitors. This particular flaw forces the cache itself to distribute malware to the website’s visitors: every subsequent visitor can then be exposed to attacks such as credit card and credential theft or website defacement, or be redirected to a malicious page.
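The paragraph above explains why a single poisoned response reaches every later visitor: a shared cache hands out whatever it stored for a given key. The toy model below is an added illustration, not code from the article or from the researcher’s work. It assumes a constructed origin that reflects a request header the cache does not include in its key (the header name and hostnames are constructed), and shows two mitigations a cache or application owner controls: keying the cache on the header, or not reflecting unkeyed input at all.

```python
"""Toy model of web cache poisoning through an unkeyed request header.

Added illustration, not code from the original article. The origin,
cache, header name and hostnames below are constructed for the example.
"""

from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


def origin_reflecting(req: Request) -> str:
    """Constructed vulnerable origin: builds a script URL from a header the
    cache does not key on, so one untrusted header value ends up in a
    response that the cache will hand to every later visitor."""
    host = req.headers.get("X-Forwarded-Host", "example.test")
    return f'<script src="https://{host}/app.js"></script>'


def origin_hardened(req: Request) -> str:
    """Hardened origin: never reflects unkeyed input; uses a fixed host."""
    return '<script src="https://example.test/app.js"></script>'


class Cache:
    """Minimal shared cache. keyed_headers lists the headers that join the key."""

    def __init__(self, origin, keyed_headers=()):
        self.origin = origin
        self.keyed_headers = keyed_headers
        self.store = {}

    def key(self, req: Request):
        return (req.path,) + tuple(req.headers.get(h, "") for h in self.keyed_headers)

    def get(self, req: Request) -> str:
        k = self.key(req)
        if k not in self.store:          # cache miss: ask the origin once
            self.store[k] = self.origin(req)
        return self.store[k]             # cache hit: same body for every requester


def simulate(origin, keyed_headers=()) -> str:
    """Return what an ordinary visitor sees after one request with an
    untrusted header value has passed through the cache."""
    cache = Cache(origin, keyed_headers)
    # First request carries a constructed untrusted header value.
    cache.get(Request("/", {"X-Forwarded-Host": "evil.test"}))
    # An ordinary visitor then requests the same path with no such header.
    return cache.get(Request("/"))


def visitor_sees_untrusted_host() -> bool:
    """Vulnerable origin, header not in the key: the visitor gets the poisoned body."""
    return "evil.test" in simulate(origin_reflecting)


def keyed_header_isolates_visitor() -> bool:
    """Same origin, but the cache keys on the header: the visitor is isolated."""
    return "evil.test" not in simulate(origin_reflecting, keyed_headers=("X-Forwarded-Host",))


def hardened_origin_is_safe() -> bool:
    """Origin that never reflects unkeyed input: nothing to poison."""
    return "evil.test" not in simulate(origin_hardened)


if __name__ == "__main__":
    print("unkeyed header reaches visitor:", visitor_sees_untrusted_host())
    print("keyed header isolates visitor: ", keyed_header_isolates_visitor())
    print("hardened origin is safe:       ", hardened_origin_is_safe())
```

Keying on the header stops the cross-visitor spread but still lets the origin reflect untrusted input to the requester who sent it, so removing the reflection at the origin is the stronger fix; in practice both controls are worth having.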

The Firefox flaw was found by accident: the researcher discovered that the browser’s plug-in update platform was vulnerable to cache poisoning. An attacker could gain partial control by sending plug-in updates and applications to users of the platform, and could modify the responses to plug-in update and permission requests. The flaw could also be exploited to install extensions and whitelist dangerous URLs, turning currently active Firefox browsers into a botnet for a DDoS attack.

Mozilla has resolved the issue since it was reported in January.

Web cache flaws have previously been abused through attacks such as injection and buffer overflows, or through a spoofed page that captures and shares sensitive data. Users can follow these best practices to protect their systems from this threat:

For enterprises:

  • Install a multi-layered protection system that defends the gateway and endpoints.
  • Download the latest patches and updates to prevent malicious sites from bypassing the browsers’ list.
  • Disable the direct internet access of the company’s internal network, and make use of application proxies for accessing external network resources.
  • Observe and continuously monitor network traffic for increased connection attempts to particular domain names. A significant increase in machines trying to connect to domains never observed before may indicate an ongoing infection.

For users:

  • Be conscious and cautious of socially engineered links from emails and websites.
  • Regularly patch your system and software with updates from legitimate vendors.
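The enterprise advice above to watch for many machines suddenly connecting to a domain never seen before is easy to turn into a concrete check. The script below is an added example, not from the article or any Trend Micro product: it parses constructed proxy log lines, ignores domains already in a constructed baseline of previously observed domains, and flags any new domain that a configurable number of distinct internal hosts tried to reach.

```python
"""Flag never-before-seen domains that many internal machines suddenly contact.

Added example for the monitoring advice above. The log format, baseline
domain set and alert threshold are constructed assumptions, not from the
article.
"""

from collections import defaultdict

# Constructed proxy log lines: "<time> <source-host> <destination-domain> <status>"
SAMPLE_LOG = """\
10:00:01 ws-101 updates.vendor.test 200
10:00:04 ws-102 cdn.example.test 200
10:00:07 ws-103 newly-seen.test 200
10:00:08 ws-104 newly-seen.test 200
10:00:09 ws-105 newly-seen.test 503
10:00:10 ws-106 newly-seen.test 200
10:00:11 ws-101 newly-seen.test 200
10:00:12 ws-107 cdn.example.test 200
10:00:13 ws-108 odd-one.test 200
"""

# Constructed baseline: domains observed in earlier traffic.
KNOWN_DOMAINS = {"updates.vendor.test", "cdn.example.test"}


def parse_log(text: str) -> list:
    """Turn the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, src, domain, status = line.split()
        events.append({"time": time, "src": src, "domain": domain.lower(), "status": status})
    return events


def new_domain_spikes(events: list, known: set, min_hosts: int = 3) -> dict:
    """Return {domain: {"distinct_hosts": n, "attempts": m}} for domains not in
    the baseline that at least min_hosts distinct source hosts tried to reach.
    Failed attempts (non-2xx status) still count: the spike itself is the signal."""
    hosts_by_domain = defaultdict(set)
    attempts = defaultdict(int)
    for e in events:
        if e["domain"] in known:
            continue
        hosts_by_domain[e["domain"]].add(e["src"])
        attempts[e["domain"]] += 1
    alerts = {}
    for domain, hosts in hosts_by_domain.items():
        if len(hosts) >= min_hosts:
            alerts[domain] = {"distinct_hosts": len(hosts), "attempts": attempts[domain]}
    return alerts


if __name__ == "__main__":
    for domain, info in new_domain_spikes(parse_log(SAMPLE_LOG), KNOWN_DOMAINS).items():
        print(f"ALERT new domain {domain}: {info['distinct_hosts']} hosts, "
              f"{info['attempts']} attempts")
```

A single host reaching one unknown domain (odd-one.test in the sample) is normal browsing noise and is not reported; five different workstations reaching the same unknown domain within seconds is the pattern the advice describes, so it is. In production the baseline would come from historical proxy or DNS data rather than a hard-coded set, and the threshold would be tuned to the size of the fleet.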

Trend Micro™ Deep Security™ and Vulnerability Protection provide endpoint protection from known and unknown threats and vulnerabilities. OfficeScan’s Vulnerability Protection shields endpoints from vulnerability exploits even before patches are deployed. Trend Micro™ Deep Discovery™ provides detection, in-depth analysis, and proactive response to attacks that use exploits, through specialized engines, custom sandboxing, and seamless correlation across the entire attack lifecycle, allowing it to detect similar threats even without any engine or pattern update.
