Finjan Inc. announced important findings by its Malicious Code Research Center which have identified a new genre of crimeware Trojans. Utilizing regular Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme, the latest "Trojan 2.0" attacks exploit the trust that legitimate web services enjoy vis-a-vis reputation-based security services.

    Finjan CTO Yuval Ben-Itzhak stated: "Criminals and attackers are arming their crimeware Trojans with new covert communication channels designed to evade detection by traditional security products. Since this model uses legitimate websites and domains for distributing instructions to botnets, these communications appear as regular web traffic, and in most cases cannot be detected by enterprises' existing security solutions. The advancements made in Trojan technology compel businesses to upgrade their web security solutions. Products that rely on real-time inspection and true understanding of the underlying web content, rather than reputation-based or signature-based solutions, are best equipped to handle these types of threats."

    As email-borne attacks continue to diminish - except for spam - and the web consolidates its claim as cybercriminals' favorite vector of attack, the web channel will continue to evolve. The stage is set for cybercriminals to leverage Web 2.0 technologies to reach new levels of technological sophistication. New types of upgraded attacks, such as Trojan 2.0, will use the web as a control channel for communicating with botnets, taking advantage of the very trust that users have been conditioned to place in their traditional security vendors. The latest Web Security Trends Report also includes a review of Finjan's predictions for 2007 - outlined in its Q4 2006 Trends Report - and how they fared, as well as a summary of trends identified by Finjan in the first two quarters of 2007. These highlights serve to provide an overview of key web security trends for 2007.

    Ben-Itzhak concluded: "The trends described in this report reflect the way we sees the web security field evolving in the near future in terms of utilizing the full power of Web 2.0 to conduct malicious activities by utilizing legitimate websites and technologies. The fact that attackers continue to adapt legitimate technologies to support their criminal activities indicates how meticulously they are monitoring current security vendor technology. Their quickness and agility in applying new attack techniques has given them an edge - at least for the time being - over traditional security vendors."  

    Trojans have long been cybercriminals’ technology of choice in their quest for financial profit. They provide a complete way of controlling a PC and utilizing it for criminal activities related to the infected host, as well as targeting arbitrary victims outside the network. Spammers are renting Trojan-based botnets on a daily basis, and identity thieves are leveraging their keylogging capabilities. More sophisticated attackers are using Trojans for direct financial fraud and elaborate corporate espionage and business intelligence gathering. Traditionally, one of the main communication channels used to control these crimeware Trojans was IRC (Internet Relay Chat – a messaging protocol), which was followed by IRC over HTTP to circumvent basic firewalling. This report examines a new genre of Trojans – Trojan 2.0 - that can utilize legitimate Web 2.0 technology and websites to provide cybercriminals with an easy and scalable command and control scheme.