Press Releases

Unedited news and product information from vendors.

Finjan Identifies Trojan 2.0 a New Genre of Crimeware
Dec 10, 2007 (08:12 AM EST)


SAN JOSE, California, December 10 /PRNewswire/ -- Finjan Inc., a leader in secure web gateway products, today announced important findings by its Malicious Code Research Center (MCRC) which have identified a new genre of crimeware Trojans. Utilizing regular Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme, the latest "Trojan 2.0" attacks exploit the trust that legitimate web services enjoy vis-a-vis reputation-based security services. As such, they enable criminals to further capitalize on the web as the most effective attack vector for a wide range of illegitimate and malicious activities - including botnet delivery of spam, identity theft through keylogging, highly sophisticated financial fraud, corporate espionage, and business intelligence gathering. Finjan's findings on the crimeware upgrades to Trojan 2.0 are detailed in its Web Security Trends Report (Q4 2007) ( http://finjan.com/content.aspx?id=827 ) released today.

"Criminals and attackers are arming their crimeware Trojans with new covert communication channels designed to evade detection by traditional security products," said Finjan CTO Yuval Ben-Itzhak. "Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises' existing security solutions. The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats."

New threats in 2008 will leverage advanced Web 2.0 techniques and services

The latest report from Finjan MCRC also provides a forecast of what Finjan expects for the web security space in 2008. As email-borne attacks continue to diminish - except for spam - and the web consolidates its claim as cybercriminals' favorite vector of attack, the web channel will continue to evolve. The stage is set for cybercriminals to leverage Web 2.0 technologies (e.g., RSS feeds, social networks, blogs and mashups) to reach new levels of technological sophistication. New types of upgraded attacks, such as Trojan 2.0, will use the web as a control channel for communicating with botnets, taking advantage of the very trust that users have been conditioned to place in their traditional security vendors (e.g., anti-virus, URL reputation, etc).

"Building on the trend over the past year whereby financial reward has been driving the evolution of malicious code, 2008 will bring new threats that leverage advanced Web 2.0 techniques and services," said Ben-Itzhak. "Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks. The focus will be on Trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the 'legitimate' web traffic that needs to be examined by security solutions. We will cover these and other relevant topics in our upcoming 2008 quarterly Web Security Trends Reports, as well as providing 'in the wild' examples based on our ongoing research activities."

Q3 Report Follow-Up: Problematic Widgets and Gadgets

The previous report (Q3 2007) explored vulnerabilities discovered in widgets and gadgets - small applications that typically provide visual information or access to frequently used functions. Recent examples of vulnerable widgets show that Finjan's assessment of this problem was accurate. In Finjan's view, since these add-ons are usually not considered business critical applications, enterprises should enforce a strict policy on using widgets and widget engines. "This attack vector could have a major impact on the industry, potentially exposing corporations to a vast array of new security considerations that need to be dealt with," Ben-Itzhak said. "To ensure the integrity of their information assets, businesses require security solutions that are capable of analyzing code in real time and detecting malicious code appearing in such innovative attack vectors."

2007 at a glance - Finjan's forecast vs. reality

The latest Web Security Trends Report also includes a review of Finjan's predictions for 2007 - outlined in its Q4 2006 Trends Report - and how they fared, as well as a summary of trends identified by Finjan in the first two quarters of 2007. These highlights serve to provide an overview of key web security trends for 2007. They include discussions of:

- Universal pervasiveness of malicious code. Malicious code tends to appear on major hosting sites in order to gain proximity to major Internet communities such as the US, UK and Canada. Hackers are no longer "localizing" and hosting code in what used to be considered the "dark side" of the Internet (former Soviet Union countries, Southeast Asia, etc.). On the contrary, developed countries with relatively advanced cybercrime laws are still at the top of the list for hosting malicious code. One Finjan study found that over 80% of the URLs containing malicious code are hosted on servers in the United States, with the UK responsible for almost 10%, followed by Canada and Germany with 1-2% each. Moreover malicious code is just as likely to be found in legitimate website categories (e.g., Finance, Travel and Computing) as in questionable categories (e.g., adult, free downloads); upwards of 80% of the malicious code detected was found in URLs categorized as "Advertising." "This means that security products that rely solely on URL categories to block access to sites are basically rendered useless," Ben-Itzhak said. During 2007 several Advertising networks were found as distributing Ads referencing malicious content. Evasive attacks and financial crime networks. Finjan's research in Q2 2007 provided additional confirmation that malicious code has become a business and its evolution is being driven by commercial and financial interests. Cybercriminals are willing to pay large sums of money for the bank account details, credit card numbers and social security IDs collected by hackers using malicious code. As hackers are getting paid according to the number of users they infect, their primary motivation is to develop attacks that go undetected for as long as possible. This in turn has led them to develop technological improvements and sophisticated techniques designed to evade traditional security solutions, including a new genre of highly sophisticated attacks designed to evade signature-based and database-reliant security methods. These attacks represent a quantum leap for hackers in terms of their technological sophistication, and pose a serious challenge to the IT community.

Concludes Ben-Itzhak: "The trends described in this report reflect the way we sees the web security field evolving in the near future in terms of utilizing the full power of Web 2.0 to conduct malicious activities by utilizing legitimate websites and technologies. The fact that attackers continue to adapt legitimate technologies to support their criminal activities indicates how meticulously they are monitoring current security vendor technology. Their quickness and agility in applying new attack techniques has given them an edge - at least for the time being - over traditional security vendors."

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite http://www.finjan.com/SecurityLab.aspx?id=547 .

About Finjan

Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: http://www.finjan.com .

(c) Copyright 1996-2007. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts United States Jan Wiedrick-Kozlowski Activa PR Tel. +1-585-392-7878 jan@activapr.com UK Neil Stinchcombe Eskenzi PR Ltd. Tel: +44-(0)208-449-1007

CONTACT: Media Contacts - United States, Jan Wiedrick-Kozlowski, Activa jan@activapr.comPR, Tel. +1-585-392-7878, ; UK, Neil Stinchcombe, EskenziPR Ltd., Tel: +44-(0)208-449-1007,