Could "Opera Unite" be a Botmaster's best friend?

By Michael Smith (Veshengro)

Now this is about all we needed...

Opera has added a lot of cool new features to its upcoming Opera 10 browser. One of them, however, is almost certainly going to catch the eye of cyber criminals.

That feature is called “Opera Unite”, and while Opera promotes it as an exciting new platform for next-generation Web development, some security experts say it could become the botmaster's best friend.

“Opera Unite” allows anyone run a Web server from their desktop. The browser connects to an Opera proxy server, which in turn then allows the browser to serve content to the rest of the Internet. This simplifies things for home users who want to host their own Web pages; with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.

But it also makes a precious resource more readily available to the bad guys.

In recent years, hacked Web sites have become the fastest-growing way for criminals to spread their malicious software. They have developed automated Web-hacking code, such as the recently reported Gumblar program, that can quickly hack into tens of thousands of Web pages in just a short period of time.

With “Opera Unite”, those selfsame cyber criminals may suddenly have a whole new crop of computers to attack.

“Unite” was just introduced as part of the Opera 10 beta this month, but it is only a matter of time until the criminals start playing with it, according to Don Jackson, a researcher with SecureWorks. "Bad guys always need Web servers," he said. "Anything that runs a Web server is prone to attack."

Because “Opera Unite” runs on the desktop, it may be easier to hack than most Web servers. "In this case it's a little worse, because instead of a machine that's managed in a data center, you may have someone on a machine in a hotel network that has no firewall on it," Jackson said.

Opera attack code is already included in the majority of browser attack tools that Jackson has studied. With “Unite”, he expects the hackers who write browser attack software to pay even more attention to Opera. "I think there will be a push to keep your exploit kit in marketable condition by developing exploits for Opera 10," he said.

Opera says it will monitor sites for malicious or inappropriate content, but Jackson says it will prove extremely difficult to police content that's being served by smart hackers. They may, for example, send Opera sanitized versions of their Web pages and reserve the malicious stuff for all other visitors.

Botmasters might start using Unite as a platform for saving data, or for running the command-and-control servers that are the brains of their networks of hacked computers, Jackson said.

Opera claims that it runs “Unite” within a "sandboxed" environment, which should make it hard for people to jump from “Unite” into other parts of the PC's file system, but the company doesn't say what steps it's taking to prevent hacked PCs from misusing the service.

Do we really need any more problems and make it easier for the cyber criminals? I think I shall stick with Firefox for it is I who then can control the add ons.

While such bells and whistles that are added to some browsers now by default that are supposed to make things so much better for the user are, in fact, dangerous additions that could make it easier for cyber criminals to either use PCs as bots or, probably worse still, to gain access to personal or business information.

Sometimes the good old adage of “if it ain't broken don't fix it” is still a good one.

© 2009