XML Viruses
From searchwebservices.com:
On Monday, Layer 7 Technologies Inc. added Cupertino, Calif.-based Symantec Corp.'s AntiVirus Scan Engine to its SecureSpan Gateway product. Under the partnership, SecureSpan, which enforces security policies for Web services, can now forward any malicious SOAP attachments to the AntiVirus Scan Engine, which in turn rejects or quarantines any infected files before they can penetrate an application.
In a related announcement, Forum Systems Inc. and Islandia, N.Y.-based Computer Associates (CA) Inc. teamed up to integrate CA's eTrust EZ antivirus software with the Forum XWall Web Services Firewall. XWall will add a new XML Antivirus module that will apply security policies and antivirus signatures to SOAP messages, SOAP attachments and raw XML....
XML traffic has increased because common formats like MP3 files and Microsoft Word documents can now be sent as XML. Additionally, the fact that SOAP envelopes and WSDL files can carry embedded macros and files increases the risk of exchanging Web services messages.
"XML and Web services cut through existing firewalls and email-based spam and virus filters like a hot knife through butter," said Ron Schmelzer, senior analyst at Waltham, Mass.-based ZapThink LLC. "Existing routers don't inspect the actual content at the level necessary to deal with XML-based virus and content-based attacks."...
While viruses embedded inside SOAP attachments are the easiest way to strike, a sophisticated parser can find sensitive information inside XML documents like credit card numbers or "dirty words", according to Wes Swenson, CEO of Salt Lake City-based Forum Systems.
"Anything that's XML-ified needs to be parsed," Swenson said. "Most network layer technologies do not parse, they only deal with packets, envelopes and messages."
Parsing attacks and XML schema poisoning are the next types of Web services security threats we can expect to see, Swenson said. Malicious macros or circular references can poison schemas and cause a parser to consume all of its resources and shut down.
Comments