SAN JOSE, California, January 14 /PRNewswire/ --

- In its Just-Released Malicious Page of the Month Report, Finjan Explores the "random js toolkit,"the Latest Example in the Trend Among Cybercriminals to Undermine 'Trusted' Web Sites

Finjan Inc., a leader in secure web gateway products, today announced that its Malicious Code Research Center (MCRC) has identified yet another significant new web attack -- the latest in a genre of crimeware that threatens to turn highly trusted web sites into insidious traps for unwary visitors. More than 10,000 websites in the US were infected in December by this latest malware. The attack, which Finjan has designated "random js toolkit," is an extremely elusive crimeware Trojan that infects an end user's machine and sends data from the machine via the Internet to the Trojan's "master", a cybercriminal. Data stolen by the Trojan can include documents, passwords, surfing habitats, or any other sensitive information of interest to the criminal.

The random js toolkit was detected using Finjan's patented real-time code inspection technology while diagnosing users' web traffic during December 2007. The attack is described in detail in Finjan's latest "Malicious Page of the Month" report released today. The report explores the new attack vector in depth, providing an illustration of the attack in action, as captured "in the wild"; an analysis of the effectiveness of its evasive techniques; examples of high-ranked and trusted domains that were compromised by this attack technique; and an analysis of a successful exploitation. To download the report, visit http://www.finjan.com

The random js toolkit is a JavaScript code that is created dynamically and changes every time it is being accessed. As a result, it is almost impossible to be detected by traditional signature-based anti-malware products. Explained Finjan CTO Yuval Ben-Itzhak, "Signaturing a dynamic script is not effective. Signaturing the exploiting code itself is also not effective, since these exploits are changing continually to stay ahead of current zero-day threats and available patches. Keeping an up-to-date list of 'highly-trusted-doubtful' domains serves only as a limited defense against this attack vector."

"What's needed to counter this exploit is dynamic code inspection technology that can detect and block an attack in real time," Ben-Itzhak said. "This technology doesn't depend on the origin URL, signature or the site's reputation, but inspects the Web content in real-time, as served. It analyzes the code's intentions before enabling it be executed on the end-user browser."

Over 30,000 new infected web pages are being created every day

Ben-Itzhak noted that the random js toolkit is an example of the recent trend among cybercriminals to undermine 'trusted' web sites. "In mid-year 2007, studies showed there were nearly 30,000 new infected web pages being created every day. About 80 percent of those pages hosting malicious software or containing drive-by downloads with damaging content were located on hacked legitimate sites. Today the situation is much worse."

The random js attack is performed by dynamic embedding of scripts into a webpage. It provides a random filename that can only be accessed once. This dynamic embedding is done in such a selective manner that when a user has received a page with the embedded malicious script once, it will not be referenced again on further requests. This method prevents detection of the malware in later forensic analyses.

Finjan's research into the random js toolkit found that around 10,000 legitimate domains served the malicious code in December. Among the infected web sites, Finjan identified highly trusted domains. Finjan alerted administrators of both sites, and the malicious code was subsequently removed from the sites and is no longer active.

About MCRC

Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC's goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world's leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan's proactive web security solutions. For more information, visit our MCRC subsite: http://www.finjan.com/SecurityLab.aspx?id=547

About Finjan

Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan's real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan's award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2007. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved. All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts United States UK Jan Wiedrick-Kozlowski Neil Stinchcombe Activa PR Eskenzi PR Ltd. Tel. +1-585-392-7878 Tel: +44(0)208-449-1007 jan@activapr.com neil@eskenzipr.com

Media Contacts: United States UK, Jan Wiedrick-Kozlowski Neil Stinchcombe, Activa PR Eskenzi PR Ltd., Tel. +1-585-392-7878 Tel: +44(0)208-449-1007, jan@activapr.com neil@eskenzipr.com