The new version of Opera, version 10, will include a web server as part of a platform called Unite. Opera is touting it for home users who want to be able to publish content but don’t know how to configure their firewalls or are getting blocked by ISP’s. This also means that anyone on your corporate network could setup a web server to serve up files from your network (sound scary? It should.)
Security researchers say this could be a perfect opportunity for botmasters to use the browser as a command and control channel. Not only that but Opera users could unknowingly give access to critical system files as well. The platform uses a group of extensions to the widget system Opera uses to provide enhanced functionality to the browser. While Opera warns developers of the risks, it is up to the developer in the end to decide how careful they are going to be. It also places a significant responsibility on the end user to determine what parts of Unite and the other Opera widgets could give up control to the less honest people on the web.
Other researchers are also warning that it could spur malware authors to write specifically for the Opera browser. As it passes through the Beta phase I’m sure we’ll see more about this and likely some POC code.
Sunbelt Software
Network World – “Could Opera be a Botmaster’s Best Friend”
Geeks are Sexy - “Opera Unite – should be “Untie”?”
Opera Software – Opera Unite
