Finjan Vital Security™ Web Appliance Was the Only Web Security Product to Detect and
Block Potentially Destructive Web Attack without Product Update or Signature

Online Benchmark Test of Malicious Code Against 32 Web Security Products Shows
Superiority of Finjan’s Real-Time Code Inspection Technology

San Jose, CA, USA, March 28, 2007

Finjan, a leader in web security products, today announced that its patented real-time code inspection technology is the only web security product that detected malicious code on a potentially destructive web page propagated by a malicious Russian website earlier this month.  Finjan subsequently communicated its discovery of the malicious code to an independent online security industry benchmark website, VirusTotal.com, which benchmarked the code against 32 well-known web security products. Upon completion of the benchmark, VirusTotal established that the entire list of products failed to detect the code as malicious and as a result did not block it. Finjan’s Vital Security Web Appliance was the only security solution that managed to detect and block the code in real-time, without any product update or signature.

“The findings of this online benchmark test underscore significant trends that we are seeing on the web today: threats are growing more sophisticated and the task of keeping track of dynamic, malicious web content is becoming more difficult,” said Finjan Chief Technology Officer, Yuval Ben-Itzhak.  “The online VirusTotal benchmark points to the superiority of our patented real-time code inspection technology -- which detects malicious code by inspecting it in real-time and ‘understanding’ what the code intends to do before it does it -- over other vendors’ products that rely on database updates to detect malware.”

The malicious code detected is discussed in detail in Malicious Page under Benchmark, a report from Finjan’s Malicious Code Research Center (MCRC).  The malicious code exploits various browser vulnerabilities and uses AJAX technology to download and execute malicious code from a remote server. Simply by visiting this page, without taking any action, the visitor’s machine is infected.

Ben-Itzhak noted that an important aspect of the benchmarked page was its use of dynamic code obfuscation to hide the malicious code. The increased use of dynamic code obfuscation was the focus of Finjan’s Q4 2006 Web Security Trends Report. “This technique is increasingly popular among hackers as a way to create malware that eludes traditional signature-based solutions like anti-virus and URL filtering,” he said.  “By detecting and blocking obfuscated malicious code in real-time, our technology offers a critical advantage in protecting against today’s dynamic web threats.”

About MCRC
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC’s goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world’s leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan’s proactive web security solutions. For more information, visit our MCRC subsite.

About VirusTotal
VirusTotal is an online service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. VirusTotal is a service developed by Hispasec Sistemas, an independent IT Security laboratory, which uses several command line versions of antivirus engines, updated regularly with official signature files published by their respective developers. For more information, visit www.virustotal.com.

About Finjan
Finjan is a global provider of best-of-breed web security solutions for businesses and organizations.  Our proactive, appliance-based solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results.  Finjan’s web security solutions utilize patented behavior-based technology to proactively repel all types of threats arriving via the web, such as Spyware, Phishing, Trojans and other malicious code, securing businesses against unknown and emerging threats, as well as known malware.  Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, CRN, PCPro, ITWeek, and Information Security.  With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential.  For more information about Finjan, please visit: www.finjan.com.

© Copyright 1996-2007. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved.
All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.
Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts