injan Inc., a leader in secure web gateway products, today announced that its Malicious Code Research Center (MCRC) has documented step-by-step how corporate data were being stolen and stored on remote servers owned by criminals. In its October 2008 Malicious Page of the Month report, Finjan describes how a corporate user, while browsing the web for his regular business needs, got infected with a Trojan.
The report outlines the following:
- How the corporate PC got infected by the Trojan;
- What happened just after the malware was installed on that corporate
- What the Trojan looked for on that infected PC;
- Where the stolen corporate data was stored;
- What type of stolen data was found on a remote server owned by the
"Despite the existing passive web security solutions that the company was using, such as traditional anti-virus signatures and a URL-filtering database, it could not prevent this Trojan from infiltrating the network and compromising confidential data," said Yuval Ben-Itzhak, CTO of Finjan. "This case shows once again how dynamic code obfuscation enables cybercriminals to plant "invisible" malicious code that infects a user's machine as soon as the user visits a website with malicious content."
The case described in the current MPOM October 2008 report, confirms the cybercrime evolution that Finjan has been following and reporting on for the last years:
- The Commercialization of malicious code - Web Security Trend Report Q2,
2006 (http://www.finjan.com/Content.aspx?id=827 )
- Hackers play "Hide and Seek" - Web Security Trend Report Q4, 2006
- Evasive attacks, designed to evade anti-virus or the URL filtering -
Web Security Trend Report Q2, 2007
- Crimeware-as-a-Service - Web Security Trend Report Q1, 2008
- Cybercrime organization structure and modus operandi - Web Security
Trend Report Q2, 2008 (http://www.finjan.com/Content.aspx?id=827 )
- Evolution of malicious obfuscated code - MPOM September 2008
According to Finjan, traditional web security products, such as anti-virus or URL-filtering databases, are limited in preventing today's cybercrime attacks targeting businesses. Their passive nature consisting of attempts to match a known malicious code or URL to a database of known signatures is by its nature limited in preventing today's attacks. A different technology is therefore needed.
Real-time content inspection is the optimal way to detect and block dynamically obfuscated code and similar types of advanced cybercrime techniques, since it analyzes and understands the code embedded within web content or files in real time - before it reaches the end-users.
The research is described in detail in Finjan's latest "Malicious Page of the Month" report released today.
To download the report, please visit http://www.finjan.com/mpom
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite (http://www.finjan.com/SecurityLab.aspx?id=547 ).
Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's active real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: http://www.finjan.com.
(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including European patent EP 0 965 094 B1 and U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358, 7418731, and may be protected by other U.S. Patents, foreign patents, or pending applications.
Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote, Window-of-Vulnerability, and Finjan RUSafe are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.