Malicious Code on Storage and Caching Servers and Web 2.0 Security Risks Named as
Top Malware Threats in Newly Released Web Security Trends Report from Finjan

Latest Internet Advancements Open Floodgates for Web Security Issues

San Jose, California, USA, October 11, 2006

Finjan Inc., the global provider of best-of-breed proactive web security solutions for businesses and organizations, today announced its findings on the latest web security trends as uncovered by its Malicious Code Research Center (MCRC). In its Web Security Trends Report (Q3 2006) , Finjan presents new findings related to malicious code found on storage and caching servers, as well as insights into trends related to sophisticated new threats that target Web 2.0 platforms and technologies. The report also includes a follow-up story showing additional examples of “vulnerabilities for sale,” as exposed in Finjan’s previous Web Security Trends Report, released in July, which focused on the commercialization of malicious code and a widening black market. 

Malicious Code in Cached Web Pages Served by Storage and Caching Servers
The new report details Finjan’s discovery of malicious content residing in cached web pages on storage and caching servers, such as those used by ISPs, enterprises and leading search engines . “This malicious code can be referenced by third-party web pages and can be used to exploit an end user’s machine,” said Yuval Ben-Itzhak, Finjan’s Chief Technology Officer. “Even if the malicious site has been taken down, its malicious content is still stored and served by the caching servers. The exploit can result in the installation of Spyware, Trojans, and other malware that compromise a user’s privacy and identity.” 

The report presents several instances of malicious code found by Finjan security researchers on public storage and caching servers . “This is more than just a theoretical danger,” Ben-Itzhak said. “Owing to this exploit, it is possible that storage and caching servers could unintentionally become the largest ‘legitimate’ storage venue for malicious code. Such ‘infection-by-proxy’ introduces new risks for businesses and consumers.” Ben-Itzhak noted that as the number of malicious sites continues to increase, it is important to raise users’ awareness regarding the potential dangers that may be lurking in cached web pages. 

Finjan has provided the search engines and service providers with full technical details of the discovery, and is conducting a dialogue with these companies in order to assist them in resolving the issue. Some examples of malicious code found on storage and caching servers are presented here. Details of MCRC’s disclosure policy can be found on Finjan’s MCRC website. 

Compromised Web 2.0 Security and Querying the “Hidden Web”
Another newly discovered web security threat centers on the use of Web 2.0 and AJAX ( Asynchronous JavaScript and XML) technologies for malicious activities. While Web 2.0 and AJAX offer an enriched and improved user experience for Internet users, the technology also flings open the door to new malware propagation methods. “ By targeting high-traffic web sites, hackers have found an easy way to achieve mass propagation,” Ben-Itzhak said. “By either embedding malicious code in hosted Web content or by using AJAX to query the ‘hidden web’, hackers can create ‘invisible’ attacks since the code is never revealed on the site.” 

Ben-Itzhak noted that in order to protect users from malicious AJAX queries, enterprises require security solutions that are capable of analyzing each web request/reply “on the fly.” “Behavior-based analysis of web content, performed on the gateway between the browser and web servers, is one effective method for doing this,” he said. “A further advantage of behavior-based security is that it analyzes each and every piece of content, regardless of its original source. This technology assures that malicious content will not enter the network even if its origin is a highly trusted site.”

Growth in the Commercialization of Malicious Code
In the previous Web Security Trends Report, Finjan discussed the trend towards commercialization of malicious code. Finjan’s latest report discloses a new twist to the sale of vulnerabilities. Finjan researchers uncovered a company which looks for unknown bugs/flaws in security products (e.g., ZoneAlarm Pro, Norton Personal Firewall). 

Detailed descriptions of these latest cyber threats are provided in the Web Security Trends Report, as well as examples of malicious code in the wild, as detected by Finjan’s Malicious Code Research Center. Ben-Itzhak concluded: “The information gathered by our MCRC and made available through our Web Security Trends Report helps our customers, as well as the entire IT security community at large, meet growing cyber threats and counter malicious content.” 

About MCRC
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet and email applications as well as other popular applications. MCRC’s goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as spyware, Trojans, phishing attacks, worm and viruses. MCRC researchers work with the world’s leading software vendors to help patch their security holes, as well as contribute to the development of next generation defense tools for Finjan’s proactive secure content management solutions. For more information, visit our MCRC subsite. 

About Finjan
Finjan is a global provider of best-of-breed web security solutions for businesses and organizations. Our proactive, appliance-based solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan’s web security solutions utilize patented behavior-based technology to proactively repel all types of threats arriving via the web, such as Spyware, Phishing, Trojans and other malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications including IDC, Butler Group, SC Magazine, CRN, PCPro, ITWeek, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com. 

© Copyright 1996-2006. Finjan Inc. and its affiliates and subsidiaries. All rights reserved.
All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. Sophos is a registered trademark of Sophos plc. McAfee is a registered trademark of McAfee Inc. Kaspersky is a registered trademark of Kaspersky Lab. SurfControl is a registered trademark of SurfControl plc.  Microsoft and Microsoft Office are registered trademarks of Microsoft Corporation. All other trademarks are the trademarks of their respective owners.

Media Contacts