Finjan Uncovers More Than 8,700 FTP Server Credentials in the Hands of Hackers - Top Global Domains are on the List

SAN JOSE, California, February 27 /PRNewswire/ --

- In its Latest Malicious Page of the Month Report, Finjan Reveals the
Commercialization of Stolen FTP Server Credentials, Owned by Legitimate
Companies, by Hackers who are Using the NeoSploit Crimeware Toolkit

Finjan Inc., a leader in secure web gateway products, today announced it
has uncovered a database containing more than 8,700 harvested FTP account
credentials, including username, password and server address - in the hands
of hackers. These stolen credentials enable criminals to compromise servers
and automatically inject crimeware to infect users visiting them. Among those
stolen accounts are those of Fortune-level global companies in a wide range
of industries including manufacturing, telecom, media, online retail, IT, as
well as government agencies. The stolen FTP accounts include some of the
world's top 100 domains as ranked by Alexa.com.

Finjan's Malicious Code Research Center (MCRC) has detailed the workings
of an insidious new application, especially designed to abuse and trade
stolen FTP account credentials of legitimate companies around the world. A
trading interface is used to qualify the stolen accounts in terms of country
of residence of the FTP server and Google page ranking of the compromised
server. This information enables the cybercriminals to devise cost for the
compromised FTP credentials for resale to other cybercriminals or to adjust
the attack on more prominent sites. The trading application also allows the
cybercriminal to manage FTP credential information to automatically inject
IFRAME tags to web pages on the compromised server.

"Software-as-a-Service has been evolving for sometime, but until now, it
has been applied only to legitimate applications. With this new trading
application, cybercriminals have an instant 'solution' to their 'problem' of
gaining access to FTP credentials and thus infecting both the legitimate
websites and its unsuspecting visitors. All of this can be easily achieved
with just one push of a button," said Yuval Ben-Itzhak, CTO of Finjan.

Finjan invites IT security personnel from legitimate organizations to
inquire if their FTP servers' credentials are among those identified as
stolen. Finjan can be contacted at http://www.finjan.com/contactFTP

According to Finjan, the NeoSploit 2 toolkit marks a serious escalation
of Crimeware potential, since it uses the Software-as-a-Service business
model.

Both the NeoSploit Version 2 toolkit and the application were detected
using Finjan's patented real-time code inspection technology while diagnosing
users' web traffic. The attack is described in detail in Finjan's latest
"Malicious Page of the Month" report released today.

To download the report, please visit http://www.finjan.com/mpom

About MCRC

Malicious Code Research Center (MCRC) is the leading research department
at Finjan, dedicated to the research and detection of security
vulnerabilities in Internet applications, as well as other popular programs.
MCRC's goal is to stay steps ahead of hackers attempting to exploit open
platforms and technologies to develop malicious code such as Spyware,
Trojans, Phishing attacks, worms and viruses. MCRC shares its research
efforts with many of the world's leading software vendors to help patch their
security holes. MCRC is a driving force behind the development of next
generation security technologies used in Finjan's proactive web security
solutions. For more information, visit our MCRC subsite (
http://www.finjan.com/SecurityLab.aspx?id=547)

About Finjan

Finjan is a global provider of web security solutions for the enterprise
market. Our real-time, appliance-based web security solutions deliver the
most effective shield against web-borne threats, freeing enterprises to
harness the web for maximum commercial results. Finjan's real-time web
security solutions utilize patented behavior-based technology to repel all
types of threats arriving via the web, such as spyware, phishing, Trojans and
obfuscated malicious code, securing businesses against unknown and emerging
threats, as well as known malware. Finjan's security solutions have received
industry awards and recognition from leading analyst houses and publications,
including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network
Computing, and Information Security. With Finjan's award-winning and widely
used solutions, businesses can focus on implementing web strategies to
realize their full organizational and commercial potential. For more
information about Finjan, please visit: http://www.finjan.com.

(C) Copyright 1996-2007. Finjan Software Inc. and its affiliates and
subsidiaries. All rights reserved. All text and figures included in this
publication are the exclusive property of Finjan and are for your personal
and non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative works from,
transfer, use or sell any part of its content in any way without the express
permission in writing from Finjan. Information in this document is subject to
change without notice and does not present a commitment or representation on
the part of Finjan. The Finjan technology and/or products and/or software
described and/or referenced to in this material are protected by registered
and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520,
6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662,
6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by
other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and
Window-of-Vulnerability are trademarks or registered trademarks of Finjan
Inc., and/or its affiliates and subsidiaries. All other trademarks are the
trademarks of their respective owners.

Media Contacts

    United States
    Marina Greenwood
    Activa PR
    Tel: +1-415-776-5350
    marina@activapr.com

    UK
    Neil Stinchcombe
    Eskenzi PR Ltd.
    Tel: +44(0)208-449-1007
    neil@eskenzipr.com