Finjan Identifies the Latest Cybercrime Business Model – CaaS

In its Q1 2008 Web Security Trends Report, Finjan signals Crimeware-as-a-Service as the latest development in the ongoing commercialization of cybercrime

San Jose, CA, USA, April 7, 2008

Finjan Inc., a leader in secure web gateway products, today announced important findings by its Malicious Code Research Center (MCRC) identifying and analyzing the latest trends in the ongoing commercialization of cybercrime.

Criminals have started to use online cybercrime services instead of having to deal themselves with the technical challenges of running their own Crimeware server, installing Crimeware toolkits or compromising legitimate websites.

“Currently, we see the rise of the Crimeware-as-a-Service (CaaS) business model in the Crimeware-toolkit market. Cybercriminals and criminal organizations are getting better and better at protecting themselves from law enforcement by using the Crimeware services, especially since the operator does not necessarily conduct the criminal activities related to the data that is being compromised but only provides the infrastructure for it,” said Yuval Ben-Itzhak, CTO of Finjan.

As with mainstream software providers, the creators and owners of these Crimeware toolkits provide their customer base with update mechanisms while tooling them with sophisticated, anti-forensic attack techniques, as well as the ability to manage and monitor malicious code affiliation networks. It enables a new level of Crimeware availability by supplying anyone willing to purchase an easy-to-use Crimeware toolkit.

During 2007, Finjan’s MCRC covered the trend of new Crimeware that purely focuses on financial gain, as well as the way it works to get revenue out of each infection. In this report, MCRC shows how the delivery and distribution of malware have been upgraded to deliver a different type of malware to different geographical regions.

“Cybercriminals can now generate more targeted infections and deliver specialized Crimeware for specific geographical regions,” Ben-Itzhak said. “Our report illustrates how these criminals are employing marketing and sales techniques to address the cybercrime economy and ensure that the market they are after gets the proper “product” localized for it.”

Finjan foresees the next phase in the commercialization process as creating a service for getting straight to stolen data by providing the victim data tailored to the criminal intent. Having such a service eliminates the need for attackers to even have to log-in to manage an attacker profile on a Crimeware-toolkit platform.

Concludes Ben-Itzhak: “The trends described in this report confirm that the security industry and law enforcement agencies should take an innovative approach in handling these Crimeware commercialization threats. Cybercriminals continue to adapt legitimate technologies and business models to support their criminal activities.”

About MCRC
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet applications, as well as other popular programs. MCRC’s goal is to stay steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as Spyware, Trojans, Phishing attacks, worms and viruses. MCRC shares its research efforts with many of the world’s leading software vendors to help patch their security holes. MCRC is a driving force behind the development of next generation security technologies used in Finjan’s proactive web security solutions. For more information, visit our MCRC subsite.

About Finjan
Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan’s real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan's security solutions have received industry awards and recognition from leading analyst houses and publications, including IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.

© Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved.
All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.
Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.

Media Contacts