
Finjan offers free audits for crimeware sufferers

By Ron Condon, U.K. Bureau Chief
14 Nov 2008 | SearchSecurity.co.uk


How sure are you that your staff is not visiting infected websites, and that your current defences are keeping out all malware?

Security company Finjan Inc. says your defences are probably not up to scratch and is prepared to prove it -- for free. Any company with 1,000 users or more will qualify for a free audit of its systems, and the San Jose, California-based Web security firm says it is confident it will discover bad practices, Trojans and keyloggers that other products fail to spot.

Tim Warner, U.K. and France country manager for Finjan, said many companies were still relying on antivirus signatures to block malware, as well as static URL lists to control user behaviour, both of which are inadequate in the changing threat landscape.

He explained that the audit is done by installing Finjan's RUSafe auditing tool on the user's network, upstream of the existing filters, where it inspects and logs traffic. For a 1,000-user network, the device would be left in for a week, and then its findings analysed and reported back to the company in the form of a PowerPoint presentation.

"We're committing around £5,000 of resources to each audit, and we wouldn't do that unless we were confident of finding stuff," said Warner. "We usually find one keylogger, and in one place we found seven." He said previous similar exercises had resulted in successful sales in around 70% of cases.

Warner cited recent reports of the Sinowal Trojan, malware that can be downloaded from infected websites and is estimated to have stolen the details of about 500,000 online bank accounts and credit and debit cards.

"Reports that the Sinowal Trojan has resurfaced with a vengeance are bad news, especially since the malware has been around since the start of 2006. The fact that it is still around more than two and a half years later means that it is still hoovering up IDs and passwords."

Large corporations are certainly starting to notice a sharp rise in criminal activity on the Internet. A recent small survey by the Corporate IT Forum among chief security officers at 54 large member organisations painted a grim picture of companies being besieged by increasingly clever Internet criminals who were beyond the long arm of the law.

The research found that for large companies, high-tech crime is growing in severity, complexity and proportion, and is now being increasingly perpetrated by professional criminal gangs. Respondents think the rise in e-crime is due to a lack of any coherent, international legislation and the absence of any suitable deterrents or penalties. Those involved in cybercrime have little prospect of being caught.

More than two-thirds of the companies reported an increase in deliberate and intentional high-tech crime -- malicious crimes designed to benefit the individual criminal, disrupt company systems or defraud.

Individual respondents were not identified but one was quoted as saying: "We're experiencing more sophisticated attacks combining social engineering, malicious code and phishing -- potentially much more damaging. We're also experiencing the spear phishing of senior executives."

Most of them felt the police were ill-equipped to tackle most hi-tech crime and for that reason, would not bother to report attacks. Most bemoaned the loss of the National Hi-Tech Crime Unit, and felt that its successor, the newly created Police Central e-Crime Unit, was too poorly funded to make a difference.

However, Finjan may not be the only company with the right security product -- or even a free trial of technology. Mark Harris, director of Sophos Labs plc, said: "We've not used signatures for many years. We and a lot of other AV companies have moved on from simple scanning to doing a lot more. Our research shows that one in 1,100 Web page requests go to a compromised website hosting malicious content. It may not sound like a lot, but a Web page is made up of several requests so it is quite high."

He said that the Sophos approach is to examine the behaviour of incoming code. "The secret to protecting against Web-based threats is not about scanning, but about knowing what not to scan and not slowing down the Web traffic," he said. "We look at behaviour in executables. For instance, if it's written in Brazil, in Visual Basic and it tries to access Web pages, we know it's a banking Trojan."

And if the idea of a free trial appeals, then Sophos also offers a free endpoint protection assessment to see which machines have been properly patched.

All Rights Reserved, Copyright 2008 - 2009, TechTarget