Rogue Anti-Spyware, Ransomware and Rootkits Latest in Cybercrime
Web Security Trends Report from Finjan’s Malicious Code Research Center Outlines the Latest Web Threats
San Jose, CA - May 16, 2006
Finjan Inc., the global provider of best-of-breed proactive web security solutions for businesses and organizations, today announced the findings from its latest Web Security Trends Report, as published by Finjan’s Malicious Code Research Center (MCRC). Some web threats heading the list are Rogue Anti-Spyware, Ransomware and Rootkits, all of which pose a real danger to Internet users.
Rogue Anti-Spyware Program in Security Portal
Rogue anti-spyware programs encourage people to download the program to rid their computers of malware. Users, under the impression that their computers are being scanned and cleaned, are in fact infecting their machines with spyware or adware. The application claims that it removes unwanted malicious programs and even scans a user’s machine and “finds” existing spyware. Users are then directed to a website that pushes them to purchase a full version of the anti-spyware software. Users are offered a free download; however, when a user wants to clean the system of the “found” malware, the user has to purchase the full version of the program, even though the computer was never really infected.
Ransomware
In a recent case, hackers demanded a ransom after managing to install spyware (called CryZip) on the victim’s computer. The spyware takes personal files hostage until a ransom is paid ($300 was requested). It uses archive software (like Zip) to create a password-protected archive containing the victim’s personal files. The spyware leaves a text message on the victim’s machine explaining what was done and warning the victim not to approach the police and to just pay the ransom. The victim gets the password to the archived files only after the ransom is paid.
Rootkits
Another emerging trend is the use of Rootkits. A Rootkit can be used by attackers after gaining control of the victim’s computer. These tools hide the existence of running processes, files, directories, registry keys and other system objects from detection by host-based security software, as well as hiding the attacker’s presence on the victim's computer. A Rootkit helps the attacker to maintain access to the victim’s machine without the victim’s knowledge. There are two types of Rootkits: User-Mode Rootkits and Kernel-Mode Rootkits.
- User-Mode Rootkits manipulate critical components of the victim machine’s operating system. The attacker can use a Trojan horse program that is disguised to look like operating system programs (with hidden capabilities) and thereby gain full control over the victim’s machine.
- Kernel-Mode Rootkits manipulate function calls and are hard to detect using anti-virus/anti-spyware applications.
Full explanations of the latest cyber threats can be found in Finjan’s Web Security Trends Report issued by its Malicious Code Research Center. Also available from Finjan MCRC is a Malicious Content In The Wild Report, which presents examples of malicious code in the wild, as detected by MCRC’s experts. “Our Security Center is dedicated to the research and detection of web threats, and we monitor cybercrime as it’s happening -- 24x7x365 around the world,” said Yuval Ben-Itzhak, CTO of Finjan.
“Our goal is to stay steps ahead of hackers attempting to exploit computer platforms and technologies, in order to protect our customers from the next malware to be developed,” continued Ben-Itzhak. “In the course of our work, we collect a wealth of information that is invaluable not only to our customers, but also to the wider IT security community. The Web Security Trends Report is our vehicle for making that critically important information immediately and continuously available.”
“Armed with the knowledge we are disseminating through this and other reports, organizations can meet the growing web threat by adopting intelligent, proactive security solutions, such as behavior-based detection and countering of malicious content, on top of their current traditional security infrastructure,” Ben-Itzhak concluded.
About MCRC
Malicious Code Research Center (MCRC) is the leading research department at Finjan, dedicated to the research and detection of security vulnerabilities in Internet and email applications as well as other popular applications. MCRC’s goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as spyware, Trojans, phishing attacks, worms and viruses. MCRC researchers work with the world’s leading software vendors to help patch their security holes, as well as contribute to the development of next-generation defense tools for Finjan’s proactive secure content management solutions. For more information, visit our MCRC subsite.
About Finjan
Finjan is a global provider of best-of-breed web security solutions for businesses and organizations, protecting millions of users from known and unknown threats. Finjan uses its patented behavior-based security technologies to determine actual code behavior and block any action that violates an organization’s predefined security policy, therefore surpassing the levels of defense offered by reactive and signature-based anti-virus and intrusion detection solutions. This superior technology enables Finjan to proactively repel all types of web-borne attacks, securing businesses against known, unknown and emerging threats. Finjan's security solutions have received industry awards and recognition from leading analysts and publications including IDC, Butler Group, SC Magazine, CRN, PCPro, ITWeek, and Information Security. For more information about Finjan and its proactive protection solutions against threats driven by mobile malicious code, please visit: www.finjan.com.

