Could Opera Unite be a botmaster's best friend?
IDG News Service - Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals.
It's called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster's best friend.
Opera Unite lets anyone run a Web server from their desktop. The browser connects to an Opera proxy server, which then allows the browser to serve content to the rest of the Internet. This simplifies things for home users who want to host their own Web pages; with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.
But it also makes a precious resource more readily available to the bad guys.
In recent years, hacked Web sites have become the fastest-growing way for criminals to spread their malicious software. They have developed automated Web-hacking code, such as the recently reported Gumblar program, that can quickly hack into tens of thousands of Web pages in just a short period of time.
With Opera Unite, they may suddenly have a whole new crop of computers to attack.
Unite was just introduced as part of the Opera 10 beta this month, but it's only a matter of time until the criminals start playing with it, according to Don Jackson, a researcher with SecureWorks. "Bad guys always need Web servers," he said. "Anything that runs a Web server is prone to attack."
But because Opera Unite runs on the desktop, it may be easier to hack than most Web servers. "In this case it's a little worse, because instead of a machine that's managed in a data center, you may have someone on a machine in a hotel network that has no firewall on it," Jackson said.
Opera attack code is already included in the majority of browser attack tools that Jackson has studied. With Unite, he expects the hackers who write browser attack software to pay even more attention to Opera. "I think there will be a push to keep your exploit kit in marketable condition by developing exploits for Opera 10," he said.
Opera says it will monitor sites for malicious or inappropriate content, but Jackson says it will prove extremely difficult to police content that's being served by smart hackers. They may, for example, send Opera sanitized versions of their Web pages and reserve the malicious stuff for all other visitors.
Botmasters might start using Unite as a platform for saving data, or for running the command-and-control servers that are the brains of their networks of hacked computers, Jackson said.
Browser wars
- Microsoft wraps up ads aimed at Google with IE9 pitch
- German gov't endorses Chrome as most secure browser
- Google's punishment of Chrome drops browser's share, says metrics firm
- Firefox 10 relieves add-on updating pain
- Mozilla OKs Firefox 10 launch this week
- Google patches several serious Chrome bugs
- Mozilla slows pace of Firefox 9 upgrades
- Google patches Chrome, beefs up malicious file blocking tech
- Mozilla to launch enterprise Firefox this month with 7X slower pace
- Mozilla persuades Firefox 3.6 users to dump old browser



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Forrester Total Economic Impact (TEI) Case Study - Oracle
- In this paper, Forrester Consulting examines the total economic impact and potential return on investment (ROI) realized by three Enterprise organizations as they...
- The Hidden Truth About Virtualizing Business-Critical Applications
- This IDG whitepaper highlights key findings based on the Quickpoll Survey conducted with more than 300 Enterprise and Commercial IT decision makers worldwide...
- Top 10 Myths About Virtualizing Business-Critical Applications
- Even though virtualization has brought positive change to enterprise IT over the last decade, some skepticism remains about how valuable virtualization can be...
- Enterprise Java Applications on VMware: Unix to Linux Migration Guide
- This guide focuses on key considerations for IT Architects who are in the process of migrating Java applications from UNIX to Linux as...
- Indiana University Virtualizes Mission-Critical Oracle Databases
- The Kelley School of Business at Indiana University deployed VMware Infrastructure which decreases costs, streamlines server deployment, and reduces energy consumption. All Internet White Papers
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on Vmware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®...
- Virtualizing Microsoft and Oracle on VMware vSphere: Benefits and Best Practices
- Virtualizing business-critical applications is an essential step in your journey to the cloud. Microsoft SQL Server, Exchange and SharePoint, and Oracle applications, are... All Internet Webcasts