Finjan Reveals Hackers are abusing Trusted Domain Names
December 2007 by Marc Jacob
Finjan Inc. has warned companies of all sizes to be aware of zero-day attacks being used by hackers targeting popular Web applications like media players and chat applications. The current attack is focusing on popular applications that are usually left unpatched or untracked by administrators for vulnerabilities. While most enterprises are scheduling deployments of Microsoft’s security patches, applications from other vendors are usually left unpatched and as a result are becoming an easy target for hackers. These attacks attempt to install Trojans on end-user machines to steal valuable corporate data. Finjan also warned companies of the risk they run from custom Web applications, following the inclusion of this category of risks in the SANS Institute’s ‘top 20’ annual review of security threats.
“The 2007 SANS Institute’s annual review of top 20 IT security risks confirms the findings of our Q3 and Q4 Web Security Trends Reports of last year, notably in the field of Web 2.0 application vulnerabilities. Since our 2007 reports, there has been a significant move into custom Web applications by a growing number of organizations, and it’s these applications that criminal hackers are now targeting,” said Yuval Ben-Itzhak, Finjan’s CTO.
“The problem with hackers targeting these custom Web applications – such as media players, chat applications, content management systems and discussion forums, as well as the latest Web 2.0 features – is that these threats are not tracked in general vulnerability reporting services such as BugTraq and @Risk. This makes the task of identifying and protecting against these types of attacks all the more difficult,” Ben-Itzhak added.
Ben-Itzhak agrees with the broad findings of the SANS Institute’s analysis of Web browser vulnerabilities, but adds that his company’s research suggests that hackers are also focusing their unwanted attentions on non-Microsoft products.
“The trend towards companies of all sizes adopting open source and, of course, Apple Mac applications, has been steadily increasing over the last 12 months. Since most vulnerability reporting services tend to focus on Microsoft software, this makes the business of criminal hackers a lot easier,” he said.
“Since we know that most users and enterprises do not patch these non-Microsoft products anywhere near as frequently as Microsoft applications, the problem of open source and other non-Microsoft software security becomes more difficult to track and resolve,” he added.
The Finjan CTO went on to say that, over the last few months, the company’s research team has seen significant volumes of malicious Web pages originating from China that are targeting media player add-ons for browser programs of all types.
“As a result, users of these media players, whether Microsoft-flavoured or otherwise, are having to cope with zero day attacks that install Trojans on end user machines. Our research teams have many examples of this trend,” he said.
Against this backdrop, Ben-Itzhak advises IT managers in companies of all sizes to keep their IT security and systems software up to date, installing all relevant patches and updates where appropriate, and to review non-Microsoft applications in use by their end-users to ensure all available patches are deployed.
“IT managers should also regularly review their security needs and ensure that their Web security technology is capable of defending company IT resources against the multi-vectored and hybrid nature of today’s electronic attacks.
“Adding Secure Web Gateways, utilizing real-time content inspection technologies to detect and prevent Trojans from infiltrating the network, has become an acute need in today’s network environment to secure corporate data,” he said.