Finjan announced important findings by its Malicious Code Research Center (MCRC) which have identified a new genre of crimeware Trojans.
Utilizing regular Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme, the latest “Trojan 2.0” attacks exploit the trust that legitimate web services enjoy vis-a-vis reputation-based security services.
As such, they enable criminals to further capitalize on the web as the most effective attack vector for a wide range of illegitimate and malicious activities – including botnet delivery of spam, identity theft through keylogging, highly sophisticated financial fraud, corporate espionage, and business intelligence gathering.
“Criminals and attackers are arming their crimeware Trojans with new covert communication channels designed to evade detection by traditional security products,” said Finjan CTO Yuval Ben-Itzhak.
“Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises’ existing security solutions. The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats.”
New threats in 2008 will leverage advanced Web 2.0 techniques and services.
The latest report from Finjan MCRC also provides a forecast of what Finjan expects for the web security space in 2008.
As email-borne attacks continue to diminish – except for spam – and the web consolidates its claim as cybercriminals’ favorite vector of attack, the web channel will continue to evolve.
The stage is set for cybercriminals to leverage Web 2.0 technologies (e.g., RSS feeds, social networks, blogs and mashups) to reach new levels of technological sophistication.
New types of upgraded attacks, such as Trojan 2.0, will use the web as a control channel for communicating with botnets, taking advantage of the very trust that users have been conditioned to place in their traditional security vendors (e.g., anti-virus, URL reputation, etc).