‘By detecting and blocking obfuscated malicious code in real-time, our technology offers a critical advantage in protecting against today’s dynamic web threats’ – Finjan’s Yuval Ben-Itzhak. With more and more personal information, such as credit card numbers, social security numbers, passwords …
Think you’re safe if you don’t visit sites from the Third World or adult-oriented sites or download files off the Internet? Don’t be so sure. According to a newly released Israeli study, most of the URLs containing malicious code – which enables hackers to steal information from the sites – originate in the United States and appear in advertising, as well as many legitimate websites frequented on a daily basis such as news and finance.
The research was conducted by the Malicious Code Research Center (MCRC) of Israeli company Finjan, a global provider of web security solutions for businesses and organizations. MCRC’s goal is to continue to be steps ahead of hackers attempting to exploit open platforms and technologies to develop malicious code such as spyware, Trojans, phishing attacks, worms and viruses.
“The results of this study shatter the myth that malicious code is primarily being hosted in countries where e-crime laws are less developed,” said Yuval Ben-Itzhak, CTO at Finjan. “Our research shows that malicious content is much more likely to show up on a local server than one in Asia or Eastern Europe.”
According to the study, advertising is the leading category for URLs containing malicious code, representing 80% of all instances. Similarly, when analyzing malicious content in terms of the URL website categories, Finjan found that malicious code is just as likely to be accessed through legitimate websites (e.g. finance, travel and computing) as through what might be considered disreputable websites (e.g. adult content or free downloads).
“The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective,” said Ben-Itzhak.
According to CNet, in just one security breach at an American credit-card processing company in 2005, an intruder got access to names, account numbers, and verification codes for over 40 million credit cards that could be used to commit fraud. In Sweden, a sophisticated Trojan horse program was able to break into private accounts and steal 8 million Swedish kronor ($1.1 million) from the Nordea Internet bank over a period of 15 months.
That’s where Finjan’s security products come into play. While many individuals and companies still rely on outdated and inefficient virus and spyware scanners which check websites off a list of pre-approved and dangerous sites and scan for specific code, Finjan is taking network security to a whole new level.
Instead of relying on reactive technologies such as filters and lists, Finjan utilizes patented proactive real-time content inspection technology.
“Everywhere you go, everywhere you browse, our product will inspect that code in real time and figure out what the site is going to do and block it based on that,” Ben-Itzhak told ISRAEL21c.
Finjan’s satisfied customers include huge companies like Delta and Disney, as well as outdoor-equipment chain REI and the Munich International Airport. Finjan’s security solutions have received industry awards and recognition from leading analyst houses and publications, including ITWeek and Information Security.
“Choosing Finjan as a key security partner means we don’t have to worry about Spyware and other intrusive software programs impacting our productivity,” said Brad Brown, the vice president of e-commerce for REI.
Given its potential for significant damage and the fact that it’s illegal in most of the world, why do people create viruses and spyware? According to Ben-Itzhak, today’s hackers are not simply out for a few moments in the spotlight, but rather cold hard cash.
“Malicious code and e-crime is really a business today,” he explained. “It’s no longer a 15-year-old kid waiting for fame. Today it’s something completely different and this is why most people think everything is OK because hackers have changed their focus and are motivated by money. They are focused on installing the malicious code on your machine. The computer will still run [unlike previous attempts to create crippling viruses] but today hackers are looking at your computer, stealing passwords and credit card numbers and selling them.”
In addition, hackers and creators of malicious code will often pay website operators a small amount of money to embed spyware on their site. The spyware is then installed on users’ computers, where it can sift through and steal sensitive and personal information, which is then sold or used in other criminal acts.
Using real-time scanning, Finjan is able to protect data when others can’t, Ben-Itzhak explained. An experiment conducted at the end of March by independent security-industry benchmark website VirusTotal.com attempted to simulate a malicious attack using a long-known source of malicious code on computers. Competing with 32 rivals, only Finjan’s Vital Security Web Appliance detected and blocked the malicious code in VirusTotal’s tests. The computers running other products were all compromised – resulting in potential data loss and theft.
“By detecting and blocking obfuscated malicious code in real-time, our technology offers a critical advantage in protecting against today’s dynamic web threats,” said Ben-Itzhak.
And, as a bonus, he added, the user won’t feel any slowdown.
“Because we have thousands of users, our technology currently just delays the traffic 20 milliseconds. That’s just one-fifth of a second,” he said. “With a false positive rate of just 0.01 percent, the end user experience has no impact.”
Founded in 1996, Finjan attracts some of Israel’s top programmers and scientists, many of whom, like Ben-Itzhak himself, are graduates from elite intelligence units in the Israeli army.
Why does only Finjan’s real-time scanning actually detect threats and prevent intrusion? Ben-Itzhak has the last word. “We always have antivirus programs on our machines but we all get infected for the same reason. The hackers have the same technology. Only Finjan has the capability and technology to analyze the ‘intention’ of the code in real-time prior to its execution. Other products are ‘the product of yesterday, not today.’”