Home » News » Web Security Company Finjan Pr ...

News by JavaScriptSearch


Web Security Company Finjan Presents Findings on Malware Threats

 

JavaScriptSearch
Monday, October 16, 2006; 03:32 AM

Finjan Inc., a provider of web security solutions for businesses and organizations, announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC). In its Web Security Trends Report (Q3 2006) (http://www.finjan.com/content.aspx?id=827), Finjan presents new findings related to malicious code found on storage and caching servers, as well as insights into trends related to sophisticated new threats that target Web 2.0 platforms and technologies. The report also includes a follow-up story showing additional examples of "vulnerabilities for sale," as exposed in Finjan's previous Web Security Trends Report (http://www.finjan.com/content.aspx?id=827), released in July, which focused on the commercialization of malicious code and a widening black market.

Malicious Code in Cached Web Pages Served by Storage and Caching Servers

The new report details Finjan's discovery of malicious content residing in cached web pages on storage and caching servers, such as those used by ISPs, enterprises and leading search engines. "This malicious code can be referenced by third-party web pages and can be used to exploit an end user's machine," said Yuval Ben-Itzhak, Finjan's Chief Technology Officer. "Even if the malicious site has been taken down, its malicious content is still stored and served by the caching servers. The exploit can result in the installation of Spyware, Trojans, and other malware that compromise a user's privacy and identity."

The report presents several instances of malicious code found by Finjan security researchers on public storage and caching servers. "This is more than just a theoretical danger," Ben-Itzhak said. "Owing to this exploit, it is possible that storage and caching servers could unintentionally become the largest 'legitimate' storage venue for malicious code. Such 'infection-by-proxy' introduces new risks for businesses and consumers." Ben-Itzhak noted that as the number of malicious sites continues to increase, it is important to raise users' awareness regarding the potential dangers that may be lurking in cached web pages.

Finjan has provided the search engines and service providers with full technical details of the discovery, and is conducting a dialogue with these companies in order to assist them in resolving the issue. Some examples of malicious code found on storage and caching servers are presented here (http://www.finjan.com/Content.aspx?id=1117). Details of MCRC's disclosure policy (http://www.finjan.com/content.aspx?id=1118) can be found on Finjan's MCRC website.

Compromised Web 2.0 Security and Querying the "Hidden Web"

Another newly discovered web security threat centers on the use of Web 2.0 and AJAX (Asynchronous JavaScript and XML) technologies for malicious activities. While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods. "By targeting high-traffic web sites, hackers have found an easy way to achieve mass propagation," Ben-Itzhak said. "By either embedding malicious code in hosted Web content or by using AJAX to query the 'hidden web', hackers can create 'invisible' attacks since the code is never revealed on the site."

Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply "on the fly." "Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this," he said. "A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site."

Growth in the Commercialization of Malicious Code

In the previous Web Security Trends Report (http://www.finjan.com/content.aspx?id=827 ), Finjan discussed the trend towards commercialization of malicious code. Finjan's latest report discloses a new twist to the sale of vulnerabilities. Finjan researchers uncovered a company which looks for unknown bugs/flaws in security products (e.g., ZoneAlarm Pro, Norton Personal Firewall).

Detailed descriptions of these latest cyber threats are provided in the Web Security Trends Report (http://www.finjan.com/content.aspx?id=827 ), as well as examples of malicious code in the wild, as detected by Finjan's Malicious Code Research Center. Ben-Itzhak concluded: "The information gathered by our MCRC and made available through our Web Security Trends Report (http://www.finjan.com/content.aspx?id=827 ) helps our customers, as well as the entire IT security community at large, meet growing cyber threats and counter malicious content."

Advertisement

Partners

Related Resources

Other Resources

arrow