Finjan, which develops web security products, today announced that its patented real-time code inspection technology is the only web security product that detected malicious code on a potentially destructive web page propagated by a malicious Russian website earlier this month.
Finjan subsequently communicated its discovery of the malicious code to an independent online security industry benchmark website, VirusTotal.com, which benchmarked the code against 32 well-known web security products. Upon completion of the benchmark, VirusTotal established that the entire list of products failed to detect the code as malicious and as a result did not block it. Finjan’s Vital Security Web Appliance was the only security solution that managed to detect and block the code in real-time, without any product update or signature.
“The findings of this online benchmark test underscore significant trends that we are seeing on the web today: threats are growing more sophisticated and the task of keeping track of dynamic, malicious web content is becoming more difficult,” said Finjan Chief Technology Officer, Yuval Ben-Itzhak. “The online VirusTotal benchmark points to the superiority of our patented real-time code inspection technology -- which detects malicious code by inspecting it in real-time and ‘understanding’ what the code intends to do before it does it -- over other vendors’ products that rely on database updates to detect malware.”
The malicious code detected is discussed in detail in Malicious Page under Benchmark, a report from Finjan’s Malicious Code Research Center (MCRC). The malicious code exploits various browser vulnerabilities and uses AJAX technology to download and execute malicious code from a remote server. Simply by visiting this page, without taking any action, the visitor’s machine is infected.
Ben-Itzhak noted that an important aspect of the benchmarked page was its use of dynamic code obfuscation to hide the malicious code. The increased use of dynamic code obfuscation was the focus of Finjan’s Q4 2006 Web Security Trends Report. “This technique is increasingly popular among hackers as a way to create malware that eludes traditional signature-based solutions like anti-virus and URL filtering,” he said. “By detecting and blocking obfuscated malicious code in real-time, our technology offers a critical advantage in protecting against today’s dynamic web threats.”