Cache Servers Keeping Exploit Code Alive

1960's architecture writes, "At last some evidence that exploit code is hiding on servers used to cache website content. According to Techworld, Israeli outfit Finjan has come up with evidence that real exploits have hidden on cache servers used by large search engines, effectively extending their life for periods of weeks after the original website had been taken down. The exploits detailed are from 2003-2004, but the principle would still apply to any exploit website around today, and any cache servers used by any one of the three unnamed search engines. It's almost literally malware 'life after death.'"

Fun with /.'s helpful link host's name feature

[jschottm]

Blah

Yahoo's cache can be addressed at rds.yahoo.com (compared to Google's cache, which uses IP addresses with no associated hostnames). Thus, all the various message boards that use the slashdot style of putting the domain name of the host will show yahoo.com even if it might be serving up an IE exploit that was hosted at mynastystuff.ru, increasing chances of click through. MSN uses a resolvable name for their cache as well, but it's at least identifiable as msncache.com rather than just msn.com.

Re:on with the slashdot mantra

[$RANDOMLUSER]

site:slashdot.org "i for one welcome our new" overloards
Results 1 - 10 of about 25

site:slashdot.org "i for one welcome our new" overlords
Results 1 - 10 of about 1,270

Still seems really low...

Re:this is batshit insane

[geoffspear]

Umm, the problem isn't exploits that attack the web server they're running on, it's exploits that attack the browser they're being viewed with, making the cache sites as dangerous to users as the original sites with the exploits on them. Or, at least, dangerous to those users who still use an unpatched copy of IE that's vulnerable to these old exploits. And really, viewing a cache of a formerly malicious site is probably the least likely way they're going to get exploited.