We explore a new type of malicious script attacks: the persistent parasite
attack. Persistent parasites are stealthy scripts, which persist for a long
time in the browser’s cache. We show to infect the caches of victims with
parasite scripts via TCP injection.
Once the cache is infected, we implement methodologies for propagation of the
parasites to other popular domains on the victim client as well as to other
caches on the network. We show how to design the parasites so that they stay
long time in the victim’s cache not restricted to the duration of the user’s
visit to the web site. We develop covert channels for communication between the
attacker and the parasites, which allows the attacker to control which scripts
are executed and when, and to exfiltrate private information to the attacker,
such as cookies and passwords. We then demonstrate how to leverage the
parasites to perform sophisticated attacks, and evaluate the attacks against a
range of applications and security mechanisms on popular browsers. Finally we
provide recommendations for countermeasures.