Information Security Bulletin

Web-based Spyware Hits to Pass the Million a Year Mark

29 Jun 01:47

Finjan is advising enterprise CIOs that web-based spyware is the number one threat to their businesses.

Finjan's Malicious Code Research Centre (MCRC) estimates - based on a number of security audits conducted at large organisations and businesses - that a single enterprise can expect on average over million instances a year of employees accessing Websites carrying spyware and other malicious content by 2007.

Spyware continues to attract a great deal of attention, but the threat should not be underestimated. It is not only designed to get around traditional technological defences, but also designed to take advantage of how employees use technology. An often invisible threat until too late, spyware code is deliberately designed to download itself unseen via a website page or email attachment.

Spyware can then be used to:

Create "spam bomb" style threats
Use enterprises networks and computing power to generate large-scale phishing campaigns
Launch viruses from behind the firewall
Send data (e.g. bank account information) back to its creator
Enable access to a business network whenever the spyware owner feels like logging on and taking a look
Lie uncovered until a specific date, when it completely crashes and destroys vital files or brings down the infrastructure
Initiate an attack on internal enterprise servers from the inside
Launch other forms of security threat

Finjan's Vital Security Web Appliances utilise patented behaviour-based technology to proactively repel all types of web-borne threats. The Finjan appliances protect against new and unknown attacks long before traditional anti-virus companies can release a signature update or software vendors can patch their solutions. In addition, Finjan's Malicious Code Research Centre (MCRC) enables customers to continuously benefit from early discovery of new software vulnerabilities prior to the availability of software patches with its Vulnerability Anti.doteTM engine in its Vital Security Web Appliance solutions.
[Despite the extraordinarily wide range of capabilities Finjan endows spyware with, this is a threat to be taken very seriously. I wonder whether they confuse "Trojan" with "Spyware" - of course Finjan is remembered as the company that wanted their customers to believe that heuristics were all the virus protection they would ever need. I still remember the Virus L forum discussions... --Ed].

Related links: (Open in a new window.)
www.finjan.com

View printable version (opens in new window)
Back

Search ISB News:

Not yet sure you want to subscribe? Download a free sample copy!

Download the much quoted October Editorial

Portal Frontpage
Web Editorial
About This Portal
Contact Info

IS Alerts
General News
Product News
Vendor News
People News
Literature
Events
CHI News

Subscribe Online
About ISB
Publishing in ISB
Advertising in ISB
PR Information

In the current issue:

Security Architectures
Review of the Bluetooth Security Architecture
Dave Singelée & Bart Preneel

Rights Management
The Future of Enterprise Rights Management
Gunter Bitz

SOA Security
Services Oriented Architecture Security and Deperimeterisation
John Sluiter

Subscribe Online!