Skip to main content

Finjan Identifies Trojan 2.0, New Genre of Crimeware

Finjan announced important findings by its Malicious Code Research Center (MCRC) which have identified a new genre of crimeware Trojans.

Utilizing regular Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme, the latest “Trojan 2.0” attacks exploit the trust that legitimate web services enjoy vis-a-vis reputation-based security services.

As such, they enable criminals to further capitalize on the web as the most effective attack vector for a wide range of illegitimate and malicious activities – including botnet delivery of spam, identity theft through keylogging, highly sophisticated financial fraud, corporate espionage, and business intelligence gathering.

“Criminals and attackers are arming their crimeware Trojans with new covert communication channels designed to evade detection by traditional security products,” said Finjan CTO Yuval Ben-Itzhak.

“Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises’ existing security solutions. The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats.”

New threats in 2008 will leverage advanced Web 2.0 techniques and services.

The latest report from Finjan MCRC also provides a forecast of what Finjan expects for the web security space in 2008.

As email-borne attacks continue to diminish – except for spam – and the web consolidates its claim as cybercriminals’ favorite vector of attack, the web channel will continue to evolve.

The stage is set for cybercriminals to leverage Web 2.0 technologies (e.g., RSS feeds, social networks, blogs and mashups) to reach new levels of technological sophistication.

New types of upgraded attacks, such as Trojan 2.0, will use the web as a control channel for communicating with botnets, taking advantage of the very trust that users have been conditioned to place in their traditional security vendors (e.g., anti-virus, URL reputation, etc).

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.