Browser developer Opera today introduced a new feature of its upcoming browser generation 10 with the code name Opera Unite. Basically Opera added a web server to the browser and offers a dynamic DNS service along with it. So everyone can provide content on the Internet from his own computer. And due to the dynamic DNS service with a fixed domain like http://<mycomputer1>.<myusername>.operaunite.com/.

This does sound great and many people would like such a feature. Anyhow, I got scared when reading the news about this feature. Imagine, other browser developers like Mozilla, Apple or Microsoft would add such a feature, too! Everybody would be able to share documents publicly. And executable programs. But who makes sure that those aren’t infected or Trojans themselves?

Plenty of malware uses for example the shared folders of file sharing programs to spread itself; there is no reason not to use a web server which is accessible by everyone with a web browser – and not just for users of a file sharing program. The spreading mechanism can be very simple: Users could get a mail or instant message with a (proper) link to the malware. Or such a link is on another web site.

One indicator for antimalware programs can be a suspicious IP-only address where the executable file is located. Now it can be served with a fully qualified domain name, disabling this indicator (as http://a.b.operaunite.com/malware.exe looks less suspicious than http://143.145.23.45/malware.exe even to the human eye). Before adding such a feature to the browser/server combination for example a so called fast-flux DNS was necessary for adding a domain name for the infected computers. Additionally, a malware author doesn’t need to code an own web server anymore – just reconfigure the browser!

The idea of adding a web server to the browser sounds nice. But it has to be done correctly. Else we might be facing a new dimension of drive-by-downloads (or -uploads) and hacked “servers” in the near future.

Dirk Knop
Technical Editor