In Web security trends report, Finjan explores 'Trojan 2.0' attacks that utilize regular Web 2.0 technology to exploit legitimate Web services

Dark Reading Staff, Dark Reading

December 10, 2007

3 Min Read

SAN JOSE, Calif. -- Finjan Inc., a leader in secure web gateway products, today announced important findings by its Malicious Code Research Center (MCRC) identifying a new genre of crimeware Trojans. Utilizing regular Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme, the latest "Trojan 2.0" attacks exploit the trust that legitimate web services enjoy vis-a-vis reputation-based security services. As such, they enable criminals to further capitalize on the web as the most effective attack vector for a wide range of illegitimate and malicious activities - including botnet delivery of spam, identity theft through keylogging, and highly sophisticated financial fraud, corporate espionage, and business intelligence gathering. Finjan's findings on the crimeware upgrades to Trojan 2.0 are detailed in its Web Security Trends Report (Q4 2007) released today.

"Criminals and attackers are arming their crimeware Trojans with new covert communication channels designed to evade detection by traditional security products," said Finjan CTO Yuval Ben-Itzhak. "Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises' existing security solutions. The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats."

New threats in 2008 will leverage advanced Web 2.0 techniques and services The latest report from the Finjan MCRC also provides a forecast of what Finjan expects for the web security space in 2008. As email-borne attacks continue to diminish - except for spam - and the web consolidates its claim as cybercriminals' favorite vector of attack, the web channel will continue to evolve. The stage is set for cybercriminals to leverage Web 2.0 technologies (e.g., RSS feeds, social networks, blogs and mashups) to reach new levels of technological sophistication. New types of upgraded attacks, such as Trojan 2.0, will use the web as a control channel for communicating with botnets, taking advantage of the very trust that users have been conditioned to place in their traditional security vendors (e.g., anti-virus, URL reputation, etc).

"Building on the trend over the past year whereby financial reward has been driving the evolution of malicious code, 2008 will bring new threats that leverage advanced Web 2.0 techniques and services," said Ben-Itzhak. "Attacks will become more sophisticated by combining several services in order to heighten infection ratios and decrease the detection rate, while providing more robust and scalable attack frameworks. The focus will be on Trojan technology as it enables maximum flexibility in terms of command and control. This adds another potentially malicious element to the 'legitimate' web traffic that needs to be examined by security solutions. We will cover these and other relevant topics in our upcoming 2008 quarterly Web Security Trends Reports, as well as providing 'in the wild' examples based on our ongoing research activities."

Finjan Software Inc.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights