informa
/
Vulnerabilities/Threats
News

Finjan Unveils Research at Black Hat

Finjan's security researchers to share their Web threat discoveries at Black Hat USA 2007

SAN JOSE, Calif. -- Finjan Inc., a leader in secure web gateway products, today announced that key members of its renowned Malicious Code Research Center (MCRC) will be available at the Black Hat USA 2007 security conference today and tomorrow at Caesars Palace in Las Vegas. Finjan's MCRC team will be located at the company's Black Hat exhibit -- Booth A -- for sharing insights about the MCRC's latest malicious code findings. Finjan is a Silver Sponsor of Black Hat USA 2007.

"Black Hat provides a rich opportunity for security professionals to meet and share their recent research and discoveries in all security topics," said Finjan CTO Yuval Ben-Itzhak. "Finjan's MCRC will explore many of our web security discoveries as well as available mitigation technologies to secure businesses from them."

Ben-Itzhak noted that three of the main topics the MCRC team will explore with Black Hat attendees are those covered in Finjan's recently released Web Security Trends Report (Q2 2007):

  • Dynamically evasive attacks that bypass signature-based and database-reliant security technology. This new class of web attacks represents a quantum leap in technological sophistication, going far beyond that of drive-by downloads and code obfuscation. In order to minimize the malicious code's window of exposure, dynamically evasive attacks keep track of the IP addresses of visitors to a particular website or web page. Using this information, attackers can restrict exposure to the malicious code to a single view from each unique IP address. As a result, the second time a given IP address tries to access the malicious page, a benign page will be automatically displayed in its place. All traces of the initial malicious page completely disappear.

  • 'Affiliation networks' that employ a hosted model for propagating malicious code. In this scheme, the malicious code is usually located on a dedicated malicious code server (or a site that has been hacked to host the malicious code), while the participants in the affiliation insert a reference to the malicious code in various websites. The website owners are paid according to the number of infected visitors to the site. These affiliation networks have been used to compromise highly popular websites and even government domains. In many cases, the malicious code is being used to steal sensitive financial and personal information, such as bank account details, credit card numbers and social security IDs.

  • Malicious code in online advertising on legitimate websites. Websites often display ads from third party advertising networks, over which they may have little or no control. While legitimate website owners trust advertisers to display non-malicious content, advertisers sometimes "sublet" their space to others. This hierarchy can often comprise several layers, seriously compromising the level of control the website owner has over advertising content. A variety of web threats can result. For example, innocent sites can deploy keyword-based advertisements that are placed automatically from a malicious ad server. In addition, ad content can include obfuscated references to malicious code on a third site that uses multiple infection techniques to download a Trojan keylogger to the user's machine.

"These are the latest examples of web exploits and attacks that the Finjan MCRC has identified quickly, soon after their release 'into the wild,' with our patented real-time content inspection technology," Ben-Itzhak said. "We are anticipating lots of feedback from Black Hat attendees about these findings and our unique security technology for identifying web threats in real-time."

Finjan Software Inc.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5