Intranets Vunerable to JavaScript Malware

Jeremiah Grossman, founder and CEO of WhiteHat Security has announced through a press release that at the Black Hat 2006 conference in Las Vegas he will demonstrate the vulnerabilities of a corporate intranet. The new node of attack is implemented through JavaScript-based malware via cross-site scripting (XSS). "Your browser can be fully patched, but when you visit a malware site, it can take complete control of your browser and use it to fingerprint or determine what devices there are on your network, discover internal IP addresses," Grossman says. He also warned that basic security measures as limiting the traffic to known, secure Internet addresses, is not, as it would appear, a viable solution. "We're told you're more likely to get attacked or 'inspected' on popular Websites rather than bottom-edge ones."

WhiteHat Security's CEO has warned of the vulnerabilities associated with an intranet as the security measures enabled at an inner corporate level are lax in comparison with those on public servers. Through an XSS exploit in the Web applications, and mainly in the browser, a JavaScript-based attack could allow for complete takeover of the internal network's devices.

Grossman has also emphasized that XSS exploits are gaining ground while they increase in popularity. From phishing methods to the recent Myspace.com worm, the new attacks made use of JavaScript malware. Discussing the impact of the MySpace.com worm that infected in excess of 1 million users, Grossman commented:" Hypothetically, what the attacker did was relatively benign compared to what he could have achieved." He expanded on a worst case scenario saying that the attacker had free access to over 1 million machines, and that some of them could have been used to attack corporate internets.