SAN JOSE, California, December 9 /PRNewswire/ --

- In its Q4 2008 Web Security Trends Report, Finjan Outlines How PDF and
Flash files Containing Obfuscated Malicious Code are Used by Cybercriminals
to Infect PCs and Also Gives a Forecast for 2009

Finjan Inc., a leading provider of secure web gateway solutions
(http://www.finjan.com/Content.aspx?id=169) for the enterprise market, today
announced the latest findings by its Malicious Code Research Center (MCRC)
indentifying and analyzing the latest trends in cybercrime.

(Logo: http://www.newscom.com/cgi-bin/prnh/20080618/309345 )

In its Web Security Trends Report Q4 2008 
(https://www.finjan.com/form.aspx?id=72&ObjId=641), MCRC shows how
cybercriminals are using PDF and Flash files - that are normally considered
to be safe - as a vehicle for distributing their malicious code and for
infecting end-user PCs.

Cybercriminals take advantage of the specific functionality available in
Flash ActionScript that enables the Flash file to interact with its hosted
web page (DOM). They embed their malicious code in Flash files and
dynamically inject it into the hosting DOM to exploit a browser-vulnerability
and to install a Trojan. Although Flash supports the functionality to prevent
such interactions, many sites owners are not using it.

The report further unveils that large ad networks serving Flash-based
banner ads did not prevent their ads from interacting with the hosting
webpage. As demonstrated in the report, the lack of configuration by ad
networks to prevent this interaction, between the served Flash-based ad's
ActionScript and the DOM, has become a new vector for cybercriminals to serve
their malicious code undetected.

"Using rich content applications such as Flash files to distribute
malicious code has become the latest trend in cybercrime," said Yuval
Ben-Itzhak, CTO of Finjan. "Having the widespread distribution and the
popularity of Flash-based ads on the Web, their binary file format enables
cybercriminals to hide their malicious code and later exploit end-user
browsers to install malware."

Finjan's MCRC has continuously been following and covering the evolution
of cybercrime in recent years. In its latest trends report, MCRC provides an
overview of cybercrime trends in 2008 and presents its predictions for 2009.

- Cybercrime will keep on rising with an increasing number of unemployed
      IT professionals joining in

    - Cybercriminals will benefit from the Obama Administration's plan to
      bring Broadband Internet access to every American

    - Cybercriminals will continue to leverage the most advanced techniques
      and services that Web 2.0 can offer, with a focus on Trojan 
      technologies



Concludes Ben-Itzhak: "Cybercriminals will continue to be highly
successful in their crimeware attacks, deploying the latest technologies,
especially sophisticated data-stealing Trojans. By staying ahead of
traditional security methods, they will keep on maximizing their considerable
profits. The optimal way to prevent malicious files from infecting PCs and
corporate networks is active real-time content inspection technologies that
can inspect each and every piece of Web content in real-time to detect
malicious code without the need for signatures."

About MCRC

Malicious Code Research Center (MCRC) is the leading research department
at Finjan, dedicated to the research and detection of security
vulnerabilities in Internet applications, as well as other popular programs.
MCRC's goal is to stay steps ahead of hackers attempting to exploit open
platforms and technologies to develop malicious code such as Spyware,
Trojans, Phishing attacks, worms and viruses. MCRC shares its research
efforts with many of the world's leading software vendors to help patch their
security holes. MCRC is a driving force behind the development of next
generation security technologies used in Finjan's proactive web security
solutions. For more information, visit our MCRC subsite 
(http://www.finjan.com/SecurityLab.aspx?id=547).

About Finjan

Finjan is a global provider of web security solutions for the enterprise
market. Our real-time, appliance-based web security solutions deliver the
most effective shield against web-borne threats, freeing enterprises to
harness the web for maximum commercial results. Finjan's real-time web
security solutions utilize patented behavior-based technology to repel all
types of threats arriving via the web, such as spyware, phishing, Trojans and
obfuscated malicious code, securing businesses against unknown and emerging
threats, as well as known malware. Finjan's security solutions have received
industry awards and recognition from leading analyst houses and publications,
including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek,
Network Computing, and Information Security. With Finjan's award-winning and
widely used solutions, businesses can focus on implementing web strategies to
realize their full organizational and commercial potential. For more
information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates and
subsidiaries. All rights reserved. All text and figures included in this
publication are the exclusive property of Finjan and are for your personal
and non-commercial use. You may not modify, copy, distribute, transmit,
display, perform, reproduce, publish, license, create derivative works from,
transfer, use or sell any part of its content in any way without the express
permission in writing from Finjan. Information in this document is subject to
change without notice and does not present a commitment or representation on
the part of Finjan. The Finjan technology and/or products and/or software
described and/or referenced to in this material are protected by registered
and/or pending patents including European Patent EP 0 965 094 B1 and U.S.
Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892,
6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743,
7155744, 7185358, 7418731 and may be protected by other U.S. Patents, foreign
patents, or pending applications. Finjan, Finjan logo, Vital Security,
Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or
registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries.
All other trademarks are the trademarks of their respective owners.

Media Contacts:

    United States
    Jan Wiedrick-Kozlowski
    Activa PR
    Tel: +1-585-392-7878
    jan@activapr.com

    UK
    Neil Stinchcombe
    Eskenzi PR Ltd.
    Tel: +44(0)208-449-1007
    neil@eskenzipr.com