SAN JOSE, California, September 23 /PRNewswire/ --

- In its Latest Malicious Page of the Month Report, Finjan Describes the Malicious Obfuscated Code Evolution, Including Examples of its Increased Sophistication and Effectiveness

Finjan Inc., a leader in secure web gateway products, today announced that its Malicious Code Research Center (MCRC) discovered examples of obfuscated code embedded in rich-content files, and not only in HTML-webpages on legitimate websites.

http://www.newscom.com/cgi-bin/prnh/20080618/309345

"Since JavaScript is the most-used scripting language for communication with web browsers, third-party applications such as Flash player, PDF readers and other multimedia applications have added support for JavaScript as part of their application," said Yuval Ben-Itzhak, CTO of Finjan. "This offers crimeware authors the opportunity to inject malicious code into rich-content files used by Ads and user-generated content on Web 2.0 websites."

The report also covers the evolution of obfuscated code for cybercrime attacks:

- In 2005, code obfuscation consisted of character-based encoding - using any format a browser could interpret - and code scrambling - In 2006, code obfuscation became dynamic - providing a predefined function which receives as input long sets of characters - In 2007, an AJAX-based "private key" is used for de-obfuscating the code, enabling the code to be seen once- and in real-time only - In 2008, obfuscated code is not only embedded in HTML-webpages on legitimate websites, but also in rich-content files such as PDF and Flash

Online Ads and user-generated content on Web 2.0 websites are becoming more popular in directing users to malware-infected content files. Finjan's H1/2008 Web Security Survey Report indicates that 46% of respondents stated that their organization didn't have a Web 2.0 security policy in place.

According to Finjan, code obfuscation remains the preferred technique for cybercriminals for their attacks. Real-time content inspection is the optimal way to detect and block dynamically obfuscated code and similar types of advanced cybercrime techniques, since it analyzes and understands the code embedded within web content or files in real time - before it reaches the end-users.

The research is described in detail in Finjan's latest "Malicious Page of the Month" report released today.

To download the report, please visit http://www.finjan.com/mpom

Finjan's H1/2008 Web Security Survey Report is available at: http://www.finjan.com/mcrc

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite ( http://www.finjan.com/SecurityLab.aspx?id=547)

About Finjan

Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's active real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts United States UK Marina Greenwood Neil Stinchcombe Activa PR Eskenzi PR Ltd. Tel: +1-415-776-5350 Tel: +44(0)208-449-1007 marina@activapr.com neil@eskenzipr.com

Media Contacts: United States, Marina Greenwood, Activa PR, Tel: +1-415-776-5350, marina@activapr.com; UK, Neil Stinchcombe, Eskenzi PR Ltd., Tel: +44(0)208-449-1007, neil@eskenzipr.com