Cybercriminals Utilize the Latest Web 2.0 Techniques to Inject Their Obfuscated Malware in PDF and Flash Files


SAN JOSE, California, September 23 /PRNewswire/ --

- In its Latest Malicious Page of the Month Report, Finjan
Describes the Malicious Obfuscated Code Evolution, Including Examples of its
Increased Sophistication and Effectiveness

Finjan Inc., a leader in secure web gateway products, today announced
that its Malicious Code Research Center (MCRC) discovered examples of
obfuscated code embedded in rich-content files, and not only in HTML-webpages
on legitimate websites.

http://www.newscom.com/cgi-bin/prnh/20080618/309345

"Since JavaScript is the most-used scripting language for communication
with web browsers, third-party applications such as Flash player, PDF readers
and other multimedia applications have added support for JavaScript as part
of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers
crimeware authors the opportunity to inject malicious code into rich-content
files used by Ads and user-generated content on Web 2.0 websites."

The report also covers the evolution of obfuscated code for cybercrime
attacks:

- In 2005, code obfuscation consisted of character-based encoding - using
  any format a browser could interpret - and code scrambling
- In 2006, code obfuscation became dynamic - providing a predefined
  function which receives as input long sets of characters
- In 2007, an AJAX-based "private key" is used for de-obfuscating the
  code, enabling the code to be seen once, and in real time only
- In 2008, obfuscated code is not only embedded in HTML webpages on
  legitimate websites, but also in rich-content files such as PDF and
  Flash



Online ads and user-generated content on Web 2.0 websites are increasingly
used to direct users to malware-infected content files. Finjan's
H1/2008 Web Security Survey Report indicates that 46% of respondents stated
that their organization didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains cybercriminals' preferred
technique for their attacks. Real-time content inspection is the optimal
way to detect and block dynamically obfuscated code and similar types of
advanced cybercrime techniques, since it analyzes and understands the code
embedded within web content or files in real time, before it reaches the
end users.

The research is described in detail in Finjan's latest "Malicious Page of
the Month" report released today.

To download the report, please visit http://www.finjan.com/mpom

Finjan's H1/2008 Web Security Survey Report is available at:
http://www.finjan.com/mcrc

About MCRC

Malicious Code Research Center (MCRC) is the leading research department
at Finjan, dedicated to the research and detection of security
vulnerabilities in Internet applications, as well as other popular programs.
MCRC's goal is to stay steps ahead of hackers attempting to exploit open
platforms and technologies to develop malicious code such as Spyware,
Trojans, Phishing attacks, worms and viruses. MCRC shares its research
efforts with many of the world's leading software vendors to help patch their
security holes. MCRC is a driving force behind the development of next
generation security technologies used in Finjan's proactive web security
solutions. For more information, visit our MCRC subsite
(http://www.finjan.com/SecurityLab.aspx?id=547).

About Finjan

Finjan is a global provider of web security solutions for the enterprise
market. Our real-time, appliance-based web security solutions deliver the
most effective shield against web-borne threats, freeing enterprises to
harness the web for maximum commercial results. Finjan's active real-time web
security solutions utilize patented behavior-based technology to repel all
types of threats arriving via the web, such as spyware, phishing, Trojans and
obfuscated malicious code, securing businesses against unknown and emerging
threats, as well as known malware. Finjan's security solutions have received
industry awards and recognition from leading analyst houses and publications,
including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek,
Network Computing, and Information Security. With Finjan's award-winning and
widely used solutions, businesses can focus on implementing web strategies to
realize their full organizational and commercial potential. For more
information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates and
subsidiaries. All rights reserved. All text and figures included in this
publication are the exclusive property of Finjan and are for your personal
and non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative works from,
transfer, use or sell any part of its content in any way without the express
permission in writing from Finjan. Information in this document is subject to
change without notice and does not present a commitment or representation on
the part of Finjan. The Finjan technology and/or products and/or software
described and/or referenced to in this material are protected by registered
and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520,
6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662,
6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by
other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and
Window-of-Vulnerability are trademarks or registered trademarks of Finjan
Inc., and/or its affiliates and subsidiaries. All other trademarks are the
trademarks of their respective owners.

Media Contacts

    United States                         UK
    Marina Greenwood                      Neil Stinchcombe
    Activa PR                             Eskenzi PR Ltd.
    Tel: +1-415-776-5350                  Tel: +44(0)208-449-1007
    marina@activapr.com                   neil@eskenzipr.com

© PR Newswire Association LLC.
