Could Opera Unite Be a Botmaster's Best Friend?
It's called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster's best friend.
Opera Unite lets anyone run a Web server from their desktop. The browser connects to an Opera proxy server, which then allows the browser to serve content to the rest of the Internet. This simplifies things for home users who want to host their own Web pages; with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.
But it also makes a precious resource more readily available to the bad guys.
In recent years, hacked Web sites have become the fastest-growing way for criminals to spread their malicious software. They have developed automated Web-hacking code, such as the recently reported Gumblar program, that can quickly hack into tens of thousands of Web pages in just a short period of time.
With Opera Unite, they may suddenly have a whole new crop of computers to attack.
Unite was just introduced as part of the Opera 10 beta this month, but it's only a matter of time until the criminals start playing with it, according to Don Jackson, a researcher with SecureWorks. "Bad guys always need Web servers," he said. "Anything that runs a Web server is prone to attack."
But because Opera Unite runs on the desktop, it may be easier to hack than most Web servers. "In this case it's a little worse, because instead of a machine that's managed in a data center, you may have someone on a machine in a hotel network that has no firewall on it," Jackson said.
Opera attack code is already included in the majority of browser attack tools that Jackson has studied. With Unite, he expects the hackers who write browser attack software to pay even more attention to Opera. "I think there will be a push to keep your exploit kit in marketable condition by developing exploits for Opera 10," he said.
Opera says it will monitor sites for malicious or inappropriate content, but Jackson says it will prove extremely difficult to police content that's being served by smart hackers. They may, for example, send Opera sanitized versions of their Web pages and reserve the malicious stuff for all other visitors.
Botmasters might start using Unite as a platform for saving data, or for running the command-and-control servers that are the brains of their networks of hacked computers, Jackson said.
Jackson isn't the only security expert who's worried. On Thursday, Sunbelt Software Researcher Tom Kelchner said on his company blog: "According to the Opera Unite Developer's Primer, 'Opera Unite features a Web server running inside the Opera browser, which allows you to do some amazing things.' We're betting there [are] some other people who use the Internet who will be doing some amazing things with this too."
Opera says it runs Unite within a "sandboxed" environment, which should make it hard for people to jump from Unite into other parts of the PC's file system, but the company doesn't say what steps it's taking to prevent hacked PCs from misusing the service.
A company representative couldn't immediately comment for this report on Friday.