Category: Uncategorized
- Published: 29 November -0001
In its latest research findings, Finjan unveils how its SecureBrowsing™ in-the-cloud system detected over 1,000 compromised unique website domains
Farnborough, United Kingdom, July 25th, 2008 – Finjan Inc., a leader in secure web gateway products, today announced in its latest blog that its SecureBrowsing™ in-the-cloud security tool detected over 1,000 unique website domains that were compromised by a new round of mass Web attacks that started during July 2008. The attack toolkit being used by the attackers is aliased “Asprox”, and has been around for some years gaining cybercrime popularity during 2007. This attack toolkit is designed to first search Google for webpages with the file extension [.asp]. Once found, it launches SQL injection attacks to append a reference to the malware file using the iframe tag, which makes it a highly efficient Crimeware tool. Each of the compromised domains included a reference to a malware that was served by over 140 different domains across the Internet.
“Since the list of these malware serving domains increases every day, we believe this is just the tip of the iceberg for the scope and impact of this attack,” said Yuval Ben-Itzhak, CTO of Finjan. “Among the compromised websites we found were those of respectable organizations, governmental institutes, healthcare organizations as well as high-ranked websites. It shows again the resourcefulness and flexibility of cybercriminals. It requires proactive security solutions to safeguard organizations against these kinds of mass Web attacks.”
Finjan’s research indicates that the malicious code is still being served by most of the websites and the “Asprox” toolkit is still in use at July 13, 2008.
Finjan’s findings contain examples of compromised websites of organizations and businesses in the following categories:
- Shopping/Lifestyle (15%) - Computing and Internet (15%) - Government (13%) - Healthcare (12%) - Advertisement (13%) - Other (32%)The compromised websites were detected using Finjan’s patented active real-time code inspection technology. The findings are described in Finjan’s latest research blog published today. To access the blog, please visit http://www.finjan.com/MCRCblog.aspx
About Finjan
Finjan is a global provider of web security solutions for the enterprise market. Our real-time, appliance-based web security solutions deliver the most effective shield against web-borne threats, freeing enterprises to harness the web for maximum commercial results. Finjan’s real-time web security solutions utilize patented behavior-based technology to repel all types of threats arriving via the web, such as spyware, phishing, Trojans and obfuscated malicious code, securing businesses against unknown and emerging threats, as well as known malware. Finjan\'s security solutions have received industry awards and recognition from leading analyst houses and publications, including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek, Network Computing, and Information Security. With Finjan’s award-winning and widely used solutions, businesses can focus on implementing web strategies to realize their full organizational and commercial potential. For more information about Finjan, please visit: www.finjan.com.
© Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries. All rights reserved.
All text and figures included in this publication are the exclusive property of Finjan and are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, use or sell any part of its content in any way without the express permission in writing from Finjan. Information in this document is subject to change without notice and does not present a commitment or representation on the part of Finjan. The Finjan technology and/or products and/or software described and/or referenced to in this material are protected by registered and/or pending patents including U.S. Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892, 6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743, 7155744, 7185358 and may be protected by other U.S. Patents, foreign patents, or pending applications.
Finjan, Finjan logo, Vital Security, Vulnerability Anti.dote and Window-of-Vulnerability are trademarks or registered trademarks of Finjan Inc., and/or its affiliates and subsidiaries. All other trademarks are the trademarks of their respective owners.
