Skip to main content

Finjan Warns on Crimeware Targeting Businesses’ Data

Yuval Ben-Itzhak, the CTO of Finjan, a leader in secure web gateway products, has warned IT managers in companies of all sizes to be on the look-out for a wave of Trojans, and to protect their IT resources and business data against this growing form of crimeware.

Ben-Itzhak's warning comes in the wake of reports of a $1,000 crimeware development kit, including a Trojan, being sold to would-be hacker criminals.

The new variant, “Prg”, researched by Finjan’s Malicious Code Research Center (MCRC) and also noted by Don Jackson of managed security specialist SecureWorks, relays sensitive data collected during employees’ online activity to hacker websites, using SSL-encrypted format. Finjan’s MCRC found criminals’ servers in Panama.

Jackson's research suggests that the crimeware has been modified using a Trojan development kit to listen for hacker commands on a special TCP/IP port. These commands allow the hacker to gain remote control of the compromised system. Jackson’s analysis of log files on the servers storing the stolen data found that information was coming from corporate PCs, as noted in his report.

"This trend highlights the alarming growth of crimeware toolkits being sold to criminals by hackers. Such crimeware is focusing on stealing sensitive business data and sending it back to criminals’ servers over encrypted communication channels like SSL, in order to go undetected", said Ben-Itzhak.

Ben-Itzhak went on to say that, “IT managers need to be aware of this latest evolution in crimeware, as Finjan’s research confirms that attempts to pattern malicious code and create signatures, or to categorize known malicious sites, are clearly “too little, too late” when it comes to providing adequate protection to today’s dynamic and evasive web threats.

The way to detect modern malicious code is to be able to understand in real-time what the code intends to do, before it does it,” concludes Ben-Itzhak.

Finjan offers the following advice for corporate users:

- Check your vendor’s research capabilities and their ability to provide up-to-date information which is immediately translated into actionable security measures.

- Examine your egress data policy to make sure that you cover all known and suspicious sites.

- Make sure that real-time inspection and protection is added to your web security solution. Chasing the attack vectors after the event is always “too little, too late”, particularly if you get hit by a new Trojan that your security solution does not recognize.

- Make sure that your security solution is updated to handle new technologies and trends. Security products should protect you from the vulnerabilities rather than just attacks and exploits.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.