New Elusive Trojan Spreads to Several Thousand Websites

San Jose, Calif.-based Finjan Inc., vendor for anti-crimeware solutions and real-time secure gateway, said that its MCRC (Malicious Code Research Center) warned computer users that cyber criminals are all set to create trojans that would specifically exploit social networking Websites and Web 2.0 technologies.

The attacking malware, which Finjan described as a "random js toolkit", is a highly elusive Trojan capable of infecting a user's system and then sending data from it over the Internet to the Trojan's creator.

Finjan said that the 'random js toolkit' is a dynamically created JavaScript code that changes each time it is accessed. For this reason, no conventional signature-based anti-malware solutions can detect it.

Finjan's recent report, "Malicious Page of the Month", has elaborate description on this attack code, as reported by eChannelline on February 11, 2008. The report also states that enterprises should adopt real-time inspection methods. These methods will protect computer users from Web threats of this kind and also analyze every part of the Web material irrespective of its context, appearance, and URL.

According to Finjan Inc., attempts to design malicious program and develop signature software, or to classify known malware-hosting sites, are simply too late and insufficient in terms of providing adequate security against modern evasive and dynamic Web threats, as reported by eChannelline on February 11, 2008.

Estimating the count of malware attacks, Yuval Ben-Itzhak, indicated that over 10,000 legitimate Websites were contaminated during December 2007 as a result of the random js toolkit.

Ben-Itzhak also added that the technology performs regardless of the source of URL, Website or signature's reputation, but examines the content of Web in real-time. He further said that it analyzes the intentions of the code prior to its run on the user's browser.

Ben-Itzhak also pointed out that the toolkit applies three distinct and simple-to-use methods of concealment in order to escape from detection. He further said that it is continuing to deliver malware to end-users. From December 2007 to January 2008, researchers with Exploit Prevention Lab, now merged into Grisoft, discovered that the Websites of the National Hockey League and Major League Baseball hosted harmful banner ads.

Related article: New Zealand Releases Code To Reduce Spam

» SPAMfighter News - 2/21/2008