Finjan reveals increase in crimeware toolkit usage

Finjan Software : 05 September, 2007  (Technical Article)
Finjan's SecureBrowsing plug-in detects significant increase in the use of crimeware toolkits during August
Finjan has announced that its Finjan SecureBrowsing plug-in uncovered a growing number of specific cases of crimeware toolkits (malicious code software packages) used by criminals in August, more than in the previous three months combined. Finjan had forecast the increased usage of crimeware toolkits by cybercriminals in its recently published quarterly and monthly reports.

Finjan SecureBrowsing is a leading browser plug-in that adds safety ratings to URLs of search results, Web 2.0 and other popular websites. Leveraging the same patented real-time content inspection technology as implemented in Finjan's Secure Web Gateway solutions, Finjan SecureBrowsing identified 10 different types of crimeware toolkits in August alone. These crimeware toolkits are being sold by hackers for only a few hundred dollars, and are being used by criminals on the web today.

August's crimeware toolkit list includes the known MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as new toolkits such as random.js, vipcrypt, makemelaugh and dycrypt.

Each of these crimeware toolkits is being updated frequently to include recent exploits and new anti-forensic techniques that allow them to escape detection by traditional signature-, reputation- and URL-based security products. The dozens of versions of each crimeware toolkit provide the basis for hundreds of unique toolkits in use by cybercriminals today. The dramatic increase in the use of these crimeware toolkits was forecast in Finjan's Malicious Page of the Month report for May 2007.

Finjan SecureBrowsing has also identified dozens of active criminals using these crimeware toolkits. As indicated in its Malicious Page of the Month report for July 2007, Finjan detected 58 criminals who used the MPack toolkit to successfully infect over 500,000 unique users in a single month.

During August, Finjan SecureBrowsing alerted users to crimeware found on compromised financial and government sites as well as on many top-ranked portals and Web 2.0 sites. On a single day during August, Finjan SecureBrowsing issued alerts on 300 unique MySpace profiles referencing potentially malicious content on profile layouts.

In addition, Finjan SecureBrowsing identified six active affiliation programs (iframedollar, iframebiz, iframe911, iframestat, Neon, Vera) that typically pay website owners for infecting their visitors with crimeware. Such affiliation programs utilize the "iframe" method described in detail in Finjan's Web Security Trends Report Q2 2007. Each affiliation program is present on hundreds of websites, infecting their visitors for cash.

The prevalence of code obfuscation -- a technique commonly used to bypass traditional signature, reputation and URL based solutions that was predicted in Finjan's Web Security Trends Report Q4 2006 -- is also on a constant rise. An analysis of the Finjan SecureBrowsing data indicates that more than 90% in the use of code obfuscation to infect end-user PCs with crimeware.

In addition, as recently noted in a ZDNet post, Finjan SecureBrowsing successfully alerted users to a crimeware toolkit, known as the IcePack toolkit, used on the compromised Bank of India website.

Finjan SecureBrowsing is available for download from the Finjan website.
© 2012 ProSecurityZone.com