Now a researcher at Websense, a security firm based in San Diego, has developed a way to monitor such malicious activity automatically.
Speaking at the RSA Security Conference in San Francisco last week, Stephan Chenette, a principal security researcher at Websense, detailed an experimental system that crawls the Web, identifying the source of content embedded in Web pages and determining whether any code on a site is acting maliciously.
Chenette's software, called FireShark, creates a map of interconnected websites and highlights potentially malicious content. Every day, the software maps the connections between nearly a million websites and the servers that provide content to those sites.
"When you graph multiple sites, you can see their communities of content," Chenette says. While some of the content hubs that connect different communities could be legitimate--such as the servers that provide ads to many different sites--other sources of content could indicate that an attacker is serving up malicious code, he says. According to a study published by Websense, online attackers' use of legitimate sites to spread malicious software has increased 225 percent over the past year.
Kiran Kuppa on 22 Jan 14The RSA concerns started with documents leaked by Edward Snowden and published by the New York Times in December. These indicated that the NSA had worked with the National Institute of Standards and Technology to create a "backdoor" in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), a pseudorandom number generator designated as a standard for encryption. According to the documents, in 2004-even before NIST approved it as a standard-the NSA paid RSA $10 million to use Dual EC DRGB as part of its RSA BSAFE cryptographic library. This meant that much of the encryption software sold by RSA would allow the NSA to break the encryption using the known backdoor
