The Tech Herald

VeriSign to offer script injection scanning as part of SSL package

by Steve Ragan - Jul 19 2010, 19:27

VeriSign is set to introduce a new service on Wednesday using its SSL services. Called Malware Scan, the new service was launched in stages last week. It represents one of many planned security enhancements since Symantec acquired the SSL giant earlier this summer.

Malware Scan, as mentioned, is a free service included with VeriSign's Trust Seal package. To take part, all a customer has to do is use VeriSign's SSL offerings and opt-in to the service from the Trust Center portal. Once activated, the domain is placed in a queue and will be visited by VeriSign’s spiders within 24 hours.

The scan equates to having 10 visitors navigating the site at once. It starts by following all the links on the landing page. From there, the spiders dig to about 200-pages deep. As a page is scanned, the source code is examined for known malicious links, and other suspicious code that often results in embedded Iframe attacks or embedded JavaScript that serves Malware.

If, after scanning, the site is deemed clean, it will remain in a passing state until being scanned again 24 hours later. However, while the initial scan depth is about 200 pages, all bets are off if there is malicious content discovered. If that happens, the entire site is crawled, along with other visible actions that would stand out to a VeriSign customer.

If malicious code is discovered, in addition to scanning the entire site, VeriSign will disable the Trust Seal, preventing it from being displayed on the customer’s page. Tim Callan, vice president of product marketing at VeriSign, told The Tech Herald on Thursday that this action is just one of the steps taken if rogue code is located during a scan.

Those who use LinkScanner from AVG have likely seen the VeriSign seal next to domains as they appear in various searches. Those sites represent customers who are part of the Seal-in-Search program from VeriSign. If malicious code is discovered on the customer’s site, the Seal-in-Search logo disappears along with the Trust Seal, and remains gone for as long as the site’s code is compromised.

While all this takes place, the customer will get notifications from VeriSign via email and in their Trust Center management area. The warnings in the Trust Center will show that the Trust Seal and Seal-in-Search logos have been revoked and provide the customer with a clear reason as to why.

The explanation goes so far as to tell them the exact page the rogue code was discovered on, as well as what line the offending scripts appear on. Once the site has been cleaned, the customer can request a rescan via their management console.

When The Tech Herald talked to Callan about the new technology behind the Malware Scan, we asked about false positives, as well as what the company has done to prevent a criminal from gaming the system.

The false positives problem was solved by months of testing, including demos from many vendors before the final OEM partner, Armorize, was selected. Armorize recently released HackAlert 3.0 in June, and offers a Cloud-based API to VARs such as VeriSign.

Given that HackAlert 3.0 scans websites looking for Malware and other threats via behavioral, signature-based, and blacklisted detection and analysis, this is very likely what VeriSign is using. If so, not only will the site’s code be scanned against known threats, but malicious advertisements will also be detected, as well as malicious code that attempts evasion. 

When it comes to criminals who have compromised a site and plan to game the Malware Scan, aside from the fact that the sites are scanned daily but never at the same time each day, there is little that can be done. The service VeriSign offers is a single added layer of protection for its clients and not an end-all solution. It scans and alerts customers to problems, but VeriSign’s offering can do little against a fully compromised website.

Still, for a 'free-as-in-beer' offering, this is a neat perk for SSL customers.

More information is available here.

Around the Web

Comment on this Story

comments powered by Disqus
Security
Index
News
 
Features
Reviews

From Autosaur.com

Fastest Car in The World: The ultimate guide

EVERYONE wants to know what the fastest car in the world is and here is a list of the cream of the crop. It gives you a thorough guide as to the main contenders, talks you through the rest of the world’s fastest automobiles, and reveals the two main future potential holders of the most [...]

The post Fastest Car in The World: The ultimate guide appeared first on Autosaur.

World’s first flat-pack truck the OX could help Africa

A flat-pack truck which can be put together by anyone in just half a day has been invented to help people living in remote places in Africa and other parts of the developing world. The OX is shipped in pieces but can be assembled with just three people in 11.5hours — and they need no [...]

The post World’s first flat-pack truck the OX could help Africa appeared first on Autosaur.

Nissan 370Z Nismo to rock the Gumball 3000 rally

The Nissan 370Z Nismo will be one of the cars in the 2013 Gumball 3000 rally where  â€” as the guys from TV show Jackass put it — “filthy stinking rich” people drive super-expensive cars 3,000 miles through 13 countries across Europe. The car, above, will be driven by a team from publishing and production [...]

The post Nissan 370Z Nismo to rock the Gumball 3000 rally appeared first on Autosaur.