Finjan Identifies Trojan 2.0 a New Genre of Crimeware


SAN JOSE, California, December 10 /PRNewswire/ --

- In its Latest Web Security Trends Report, Finjan Explores "Trojan 
2.0" Attacks That Utilize Regular Web 2.0 Technology to Exploit Legitimate 
Web Services

Finjan Inc., a leader in secure web gateway products, today announced
important findings by its Malicious Code Research Center (MCRC) which have
identified a new genre of crimeware Trojans. Utilizing regular Web 2.0
technology and websites to provide cybercriminals with an easy and scalable
command and control scheme, the latest "Trojan 2.0" attacks exploit the trust
that legitimate web services enjoy vis-a-vis reputation-based security
services. As such, they enable criminals to further capitalize on the web as
the most effective attack vector for a wide range of illegitimate and
malicious activities - including botnet delivery of spam, identity theft
through keylogging, highly sophisticated financial fraud, corporate
espionage, and business intelligence gathering. Finjan's findings on the
crimeware upgrades to Trojan 2.0 are detailed in its Web Security Trends
Report (Q4 2007) (http://finjan.com/content.aspx?id=827) released today.

"Criminals and attackers are arming their crimeware Trojans with new
covert communication channels designed to evade detection by traditional
security products," said Finjan CTO Yuval Ben-Itzhak. "Since this model uses
legitimate websites and domains for distributing instructions to botnets,
these communications appear as regular web traffic, and in most cases cannot
be detected by enterprises' existing security solutions. The advancements
made in Trojan technology compel businesses to upgrade their web security
solutions. Products that rely on real-time inspection and true understanding
of the underlying web content, rather than reputation-based or
signature-based solutions, are best equipped to handle these types of
threats."

New threats in 2008 will leverage advanced Web 2.0 techniques and
services

The latest report from Finjan MCRC also provides a forecast of what
Finjan expects for the web security space in 2008. As email-borne attacks
continue to diminish - except for spam - and the web consolidates its claim
as cybercriminals' favorite vector of attack, the web channel will continue
to evolve. The stage is set for cybercriminals to leverage Web 2.0
technologies (e.g., RSS feeds, social networks, blogs and mashups) to reach
new levels of technological sophistication. New types of upgraded attacks,
such as Trojan 2.0, will use the web as a control channel for communicating
with botnets, taking advantage of the very trust that users have been
conditioned to place in their traditional security vendors (e.g., anti-virus,
URL reputation, etc.).

"Building on the trend over the past year whereby financial reward has
been driving the evolution of malicious code, 2008 will bring new threats
that leverage advanced Web 2.0 techniques and services," said Ben-Itzhak.
"Attacks will become more sophisticated by combining several services in
order to heighten infection ratios and decrease the detection rate, while
providing more robust and scalable attack frameworks. The focus will be on
Trojan technology as it enables maximum flexibility in terms of command and
control. This adds another potentially malicious element to the 'legitimate'
web traffic that needs to be examined by security solutions. We will cover
these and other relevant topics in our upcoming 2008 quarterly Web Security
Trends Reports, as well as providing 'in the wild' examples based on our
ongoing research activities."

Q3 Report Follow-Up: Problematic Widgets and Gadgets

The previous report (Q3 2007) explored vulnerabilities discovered in 
widgets and gadgets - small applications that typically provide visual 
information or access to frequently used functions. Recent examples of 
vulnerable widgets show that Finjan's assessment of this problem was 
accurate. In Finjan's view, since these add-ons are usually not considered 
business critical applications, enterprises should enforce a strict policy 
on using widgets and widget engines. "This attack vector could have a major 
impact on the industry, potentially exposing corporations to a vast array 
of new security considerations that need to be dealt with," Ben-Itzhak 
said. "To ensure the integrity of their information assets, businesses 
require security solutions that are capable of analyzing code in real time 
and detecting malicious code appearing in such innovative attack vectors."

2007 at a glance - Finjan's forecast vs. reality

The latest Web Security Trends Report also includes a review of Finjan's
predictions for 2007 - outlined in its Q4 2006 Trends Report - and how they
fared, as well as a summary of trends identified by Finjan in the first two
quarters of 2007. These highlights serve to provide an overview of key web
security trends for 2007. They include discussions of:

- Universal pervasiveness of malicious code. Malicious code tends to
appear on major hosting sites in order to gain proximity to major Internet
communities such as the US, UK and Canada. Hackers are no longer "localizing"
and hosting code in what used to be considered the "dark side" of the
Internet (former Soviet Union countries, Southeast Asia, etc.). On the
contrary, developed countries with relatively advanced cybercrime laws are
still at the top of the list for hosting malicious code. One Finjan study
found that over 80% of the URLs containing malicious code are hosted on
servers in the United States, with the UK responsible for almost 10%,
followed by Canada and Germany with 1-2% each. Moreover, malicious code is
just as likely to be found in legitimate website categories (e.g., Finance,
Travel and Computing) as in questionable categories (e.g., adult, free
downloads); upwards of 80% of the malicious code detected was found in URLs
categorized as "Advertising." "This means that security products that rely
solely on URL categories to block access to sites are basically rendered
useless," Ben-Itzhak said. During 2007, several advertising networks were
found to be distributing ads referencing malicious content.

- Evasive attacks and financial crime networks. Finjan's research in Q2 2007 provided additional
confirmation that malicious code has become a business and its evolution is
being driven by commercial and financial interests. Cybercriminals are
willing to pay large sums of money for the bank account details, credit card
numbers and social security IDs collected by hackers using malicious code. As
hackers are getting paid according to the number of users they infect, their
primary motivation is to develop attacks that go undetected for as long as
possible. This in turn has led them to develop technological improvements and
sophisticated techniques designed to evade traditional security solutions,
including a new genre of highly sophisticated attacks designed to evade
signature-based and database-reliant security methods. These attacks
represent a quantum leap for hackers in terms of their technological
sophistication, and pose a serious challenge to the IT community.

Concludes Ben-Itzhak: "The trends described in this report reflect the
way we see the web security field evolving in the near future in terms of
utilizing the full power of Web 2.0 to conduct malicious activities by
utilizing legitimate websites and technologies. The fact that attackers
continue to adapt legitimate technologies to support their criminal
activities indicates how meticulously they are monitoring current security
vendor technology. Their quickness and agility in applying new attack
techniques has given them an edge - at least for the time being - over
traditional security vendors."

About MCRC

Malicious Code Research Center (MCRC) is the leading research department
at Finjan, dedicated to the research and detection of security
vulnerabilities in Internet applications, as well as other popular programs.
MCRC's goal is to stay steps ahead of hackers attempting to exploit open
platforms and technologies to develop malicious code such as Spyware,
Trojans, Phishing attacks, worms and viruses. MCRC shares its research
efforts with many of the world's leading software vendors to help patch their
security holes. MCRC is a driving force behind the development of next
generation security technologies used in Finjan's proactive web security
solutions. For more information, visit our MCRC subsite
http://www.finjan.com/SecurityLab.aspx?id=547.

About Finjan

Finjan is a global provider of web security solutions for the enterprise
market. Our real-time, appliance-based web security solutions deliver the
most effective shield against web-borne threats, freeing enterprises to
harness the web for maximum commercial results. Finjan's real-time web
security solutions utilize patented behavior-based technology to repel all
types of threats arriving via the web, such as spyware, phishing, Trojans and
obfuscated malicious code, securing businesses against unknown and emerging
threats, as well as known malware. Finjan's security solutions have received
industry awards and recognition from leading analyst houses and publications,
including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network
Computing, and Information Security. With Finjan's award-winning and widely
used solutions, businesses can focus on implementing web strategies to
realize their full organizational and commercial potential. For more
information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2007. Finjan Software Inc. and its affiliates and
subsidiaries. All rights reserved. All text and figures included in this
publication are the exclusive property of Finjan and are for your personal
and non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative works from,
transfer, use or sell any part of its content in any way without the express
permission in writing from Finjan. Information in this document is subject to
change without notice and does not present a commitment or representation on
the part of Finjan. The Finjan technology and/or products and/or software
described and/or referenced to in this material are protected by registered
and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520,
6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662,
6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by
other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and
Window-of-Vulnerability are trademarks or registered trademarks of Finjan
Inc., and/or its affiliates and subsidiaries. All other trademarks are the
trademarks of their respective owners.

Media Contacts 

    United States
    Jan Wiedrick-Kozlowski 
    Activa PR 
    Tel. +1-585-392-7878
    jan@activapr.com

    UK
    Neil Stinchcombe 
    Eskenzi PR Ltd. 
    Tel: +44-(0)208-449-1007 
    neil@eskenzipr.com

© PR Newswire Association LLC.
