SAN JOSE, California, December 9 /PRNewswire/ --

- In its Q4 2008 Web Security Trends Report, Finjan Outlines How PDF and Flash files Containing Obfuscated Malicious Code are Used by Cybercriminals to Infect PCs and Also Gives a Forecast for 2009

Finjan Inc., a leading provider of secure web gateway solutions for the enterprise market, today announced the latest findings by its Malicious Code Research Center (MCRC) identifying and analyzing the latest trends in cybercrime.


In its Web Security Trends Report Q4 2008, MCRC shows how cybercriminals are using PDF and Flash files - that are normally considered to be safe - as a vehicle for distributing their malicious code and for infecting end-user PCs.

Cybercriminals take advantage of the specific functionality available in Flash ActionScript that enables the Flash file to interact with its hosting web page (DOM). They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser vulnerability and to install a Trojan. Although Flash supports the functionality to prevent such interactions, many site owners are not using it.

The report further reveals that large ad networks serving Flash-based banner ads did not prevent their ads from interacting with the hosting webpage. As demonstrated in the report, the ad networks' failure to configure their ads to prevent interaction between the served Flash-based ad's ActionScript and the DOM has become a new vector for cybercriminals to serve their malicious code undetected.
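As an added illustration (not part of Finjan's report or of this release), the Python script below audits a page's markup for Flash embeds that leave script access to the hosting page open. It assumes the control referred to above is the Flash allowScriptAccess embed parameter, which the release does not name; the sample markup and file names are constructed.

```python
from html.parser import HTMLParser

FLASH_MIME = "application/x-shockwave-flash"

class FlashEmbedAudit(HTMLParser):
    """Record the allowScriptAccess setting of every Flash embed in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (tag, movie, setting, blocked)
        self._obj = None     # attributes/params of the <object> currently open

    def _record(self, tag, movie, setting):
        setting = (setting or "").strip().lower() or "(unset)"
        # Only "never" blocks ActionScript-to-page calls; unset means the player default.
        self.findings.append((tag, movie, setting, setting == "never"))

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}   # attribute names arrive lowercased
        if tag == "object":
            self._obj = {"movie": a.get("data", ""), "type": a.get("type", "")}
        elif tag == "param" and self._obj is not None:
            self._obj[a.get("name", "").lower()] = a.get("value", "")
        elif tag == "embed":
            src = a.get("src", "")
            if a.get("type", "").lower() == FLASH_MIME or src.lower().endswith(".swf"):
                self._record("embed", src, a.get("allowscriptaccess"))

    def handle_endtag(self, tag):
        if tag == "object" and self._obj is not None:
            o, self._obj = self._obj, None
            if o["type"].lower() == FLASH_MIME or o["movie"].lower().endswith(".swf"):
                self._record("object", o["movie"], o.get("allowscriptaccess"))

def audit(html):
    parser = FlashEmbedAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one ad slot left open, one locked down.
SAMPLE = """
<object type="application/x-shockwave-flash" data="banner-a.swf">
  <param name="allowScriptAccess" value="always">
  <embed src="banner-a.swf" type="application/x-shockwave-flash">
</object>
<embed src="banner-b.swf" allowScriptAccess="never">
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The nested fallback embed is reported separately from its enclosing object because each tag carries its own setting. In Flash Player 8 and later an unset value defaults to sameDomain, which still lets a SWF served from the page's own domain script the page.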

"Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime," said Yuval Ben-Itzhak, CTO of Finjan. "Having the widespread distribution and the popularity of Flash-based ads on the Web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware."

Finjan's MCRC has continuously been following and covering the evolution of cybercrime in recent years. In its latest trends report, MCRC provides an overview of cybercrime trends in 2008 and presents its predictions for 2009.

- Cybercrime will keep on rising with an increasing number of unemployed IT professionals joining in
- Cybercriminals will benefit from the Obama Administration's plan to bring Broadband Internet access to every American
- Cybercriminals will continue to leverage the most advanced techniques and services that Web 2.0 can offer, with a focus on Trojan technologies

Concludes Ben-Itzhak: "Cybercriminals will continue to be highly successful in their crimeware attacks, deploying the latest technologies, especially sophisticated data-stealing Trojans. By staying ahead of traditional security methods, they will keep on maximizing their considerable profits. The optimal way to prevent malicious files from infecting PCs and corporate networks is active real-time content inspection technologies that can inspect each and every piece of Web content in real-time to detect malicious code without the need for signatures."

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite.

About Finjan

Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit:

(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including European Patent EP 0 965 094 B1 and U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358, 7418731 and may be protected by other U.S. Patents, foreign patents, or pending applications. Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts: United States: Jan Wiedrick-Kozlowski, Activa PR, Tel: +1-585-392-7878; UK: Neil Stinchcombe, Eskenzi PR Ltd., Tel: +44(0)208-449-1007
