Finjan Uncovers Insidious New Variant of Crimeware Toolkit Infecting More Than 10,000 US Websites in December


SAN JOSE, California, January 14 /PRNewswire/ --

- In its Just-Released Malicious Page of the Month Report, Finjan 
Explores the "random js toolkit," the Latest Example in the Trend Among 
Cybercriminals to Undermine 'Trusted' Web Sites

Finjan Inc., a leader in secure web gateway products, today announced
that its Malicious Code Research Center (MCRC) has identified yet another
significant new web attack -- the latest in a genre of crimeware that
threatens to turn highly trusted web sites into insidious traps for unwary
visitors. More than 10,000 websites in the US were infected in December by
this latest malware. The attack, which Finjan has designated "random js
toolkit," is an extremely elusive crimeware Trojan that infects an end user's
machine and sends data from the machine via the Internet to the Trojan's
"master", a cybercriminal. Data stolen by the Trojan can include documents,
passwords, surfing habits, or any other sensitive information of interest
to the criminal.

The random js toolkit was detected using Finjan's patented real-time code
inspection technology while diagnosing users' web traffic during December
2007. The attack is described in detail in Finjan's latest "Malicious Page of
the Month" report released today. The report explores the new attack vector
in depth, providing an illustration of the attack in action, as captured "in
the wild"; an analysis of the effectiveness of its evasive techniques;
examples of high-ranked and trusted domains that were compromised by this
attack technique; and an analysis of a successful exploitation. To download
the report, visit http://www.finjan.com

The random js toolkit is JavaScript code that is generated dynamically
and changes every time it is accessed. As a result, it is almost
impossible for traditional signature-based anti-malware products to
detect. Explained Finjan CTO Yuval Ben-Itzhak, "Signaturing a dynamic
script is not effective. Signaturing the exploiting code itself is also not
effective, since these exploits are changing continually to stay ahead of
current zero-day threats and available patches. Keeping an up-to-date list of
'highly-trusted-doubtful' domains serves only as a limited defense against
this attack vector."

"What's needed to counter this exploit is dynamic code inspection
technology that can detect and block an attack in real time," Ben-Itzhak
said. "This technology doesn't depend on the origin URL, signature or the
site's reputation, but inspects the Web content in real-time, as served. It
analyzes the code's intentions before enabling it to be executed on the end-user
browser."

Over 30,000 new infected web pages are being created every day

Ben-Itzhak noted that the random js toolkit is an example of the recent
trend among cybercriminals to undermine 'trusted' web sites. "In mid-year
2007, studies showed there were nearly 30,000 new infected web pages being
created every day. About 80 percent of those pages hosting malicious software
or containing drive-by downloads with damaging content were located on hacked
legitimate sites. Today the situation is much worse."

The random js attack is performed by dynamic embedding of scripts into a
webpage. It provides a random filename that can only be accessed once. This
dynamic embedding is done in such a selective manner that when a user has
received a page with the embedded malicious script once, it will not be
referenced again on further requests. This method prevents detection of the
malware in later forensic analyses.
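
The serve-once behavior described above suggests a defender-side check: capture the same page several times and list script references that appear in only one capture. The sketch below is an added example, not Finjan's detection technology or code from the report; the page snapshots, paths and file names are constructed, since the release does not give the real ones.

```python
from collections import Counter
from html.parser import HTMLParser


class ScriptSrcParser(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = set()

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.add(src)


def script_srcs(html):
    parser = ScriptSrcParser()
    parser.feed(html)
    return parser.srcs


def one_shot_scripts(snapshots):
    """Return script URLs referenced in exactly one snapshot of the same page.

    snapshots: HTML strings captured for one URL, e.g. a first visit, a
    repeat visit by the same client, and a visit by a different client.
    """
    per_snapshot = [script_srcs(html) for html in snapshots]
    counts = Counter(src for srcs in per_snapshot for src in srcs)
    return sorted(src for src, n in counts.items() if n == 1)


# Constructed snapshots of one page (hypothetical paths and file names).
FIRST_VISIT = """<html><head>
<script src="/js/site.js"></script>
<script src="/qkzvb.js"></script>
</head><body>Welcome</body></html>"""
REPEAT_VISIT = """<html><head>
<script src="/js/site.js"></script>
</head><body>Welcome</body></html>"""
OTHER_CLIENT = """<html><head>
<script src="/js/site.js"></script>
<script src="/wmxtr.js"></script>
</head><body>Welcome</body></html>"""

if __name__ == "__main__":
    for src in one_shot_scripts([FIRST_VISIT, REPEAT_VISIT, OTHER_CLIENT]):
        print("review:", src)
```

Legitimate pages also rotate script URLs (cache-busting query strings, ad tags), so a hit is a lead for manual review of what was served, not a verdict.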

Finjan's research into the random js toolkit found that around 10,000
legitimate domains served the malicious code in December. Among the infected
web sites, Finjan identified highly trusted domains. Finjan alerted
administrators of both sites, and the malicious code was subsequently removed
from the sites and is no longer active.

About MCRC

Malicious Code Research Center (MCRC) is the leading research department
at Finjan, dedicated to the research and detection of security
vulnerabilities in Internet applications, as well as other popular programs.
MCRC's goal is to stay steps ahead of hackers attempting to exploit open
platforms and technologies to develop malicious code such as Spyware,
Trojans, Phishing attacks, worms and viruses. MCRC shares its research
efforts with many of the world's leading software vendors to help patch their
security holes. MCRC is a driving force behind the development of next
generation security technologies used in Finjan's proactive web security
solutions. For more information, visit our MCRC subsite:
http://www.finjan.com/SecurityLab.aspx?id=547

About Finjan

Finjan is a global provider of web security solutions for the enterprise
market. Our real-time, appliance-based web security solutions deliver the
most effective shield against web-borne threats, freeing enterprises to
harness the web for maximum commercial results. Finjan's real-time web
security solutions utilize patented behavior-based technology to repel all
types of threats arriving via the web, such as spyware, phishing, Trojans and
obfuscated malicious code, securing businesses against unknown and emerging
threats, as well as known malware. Finjan's security solutions have received
industry awards and recognition from leading analyst houses and publications,
including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network
Computing, and Information Security. With Finjan's award-winning and widely
used solutions, businesses can focus on implementing web strategies to
realize their full organizational and commercial potential. For more
information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2007. Finjan Software Inc. and its affiliates and
subsidiaries. All rights reserved. All text and figures included in this
publication are the exclusive property of Finjan and are for your personal
and non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative works from,
transfer, use or sell any part of its content in any way without the express
permission in writing from Finjan. Information in this document is subject to
change without notice and does not present a commitment or representation on
the part of Finjan. The Finjan technology and/or products and/or software
described and/or referenced to in this material are protected by registered
and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520,
6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662,
6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by
other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and
Window-of-Vulnerability are trademarks or registered trademarks of Finjan
Inc., and/or its affiliates and subsidiaries. All other trademarks are the
trademarks of their respective owners.

Media Contacts
    United States
    Jan Wiedrick-Kozlowski
    Activa PR
    Tel. +1-585-392-7878
    jan@activapr.com

    UK
    Neil Stinchcombe
    Eskenzi PR Ltd.
    Tel: +44(0)208-449-1007
    neil@eskenzipr.com



© PR Newswire Association LLC.
