(Logo: http://www.newscom.com/cgi-bin/prnh/20080618/309345 )

In its Web Security Trends Report Q4 2008(https://www.finjan.com/form.aspx?id=72&ObjId=641), MCRC shows howcybercriminals are using PDF and Flash files - that are normally consideredto be safe - as a vehicle for distributing their malicious code and forinfecting end-user PCs.

Cybercriminals take advantage of the specific functionality available inFlash ActionScript that enables the Flash file to interact with its hostedweb page (DOM). They embed their malicious code in Flash files anddynamically inject it into the hosting DOM to exploit a browser-vulnerabilityand to install a Trojan. Although Flash supports the functionality to preventsuch interactions, many sites owners are not using it.

The report further unveils that large ad networks serving Flash-basedbanner ads did not prevent their ads from interacting with the hostingwebpage. As demonstrated in the report, the lack of configuration by adnetworks to prevent this interaction, between the served Flash-based ad'sActionScript and the DOM, has become a new vector for cybercriminals to servetheir malicious code undetected.

"Using rich content applications such as Flash files to distributemalicious code has become the latest trend in cybercrime," said YuvalBen-Itzhak, CTO of Finjan. "Having the widespread distribution and thepopularity of Flash-based ads on the Web, their binary file format enablescybercriminals to hide their malicious code and later exploit end-userbrowsers to install malware."

Finjan's MCRC has continuously been following and covering the evolutionof cybercrime in recent years. In its latest trends report, MCRC provides anoverview of cybercrime trends in 2008 and presents its predictions for 2009.

- Cybercrime will keep on rising with an increasing number of unemployed IT professionals joining in - Cybercriminals will benefit from the Obama Administration's plan to bring Broadband Internet access to every American - Cybercriminals will continue to leverage the most advanced techniques and services that Web 2.0 can offer, with a focus on Trojan technologies Concludes Ben-Itzhak: "Cybercriminals will continue to be highlysuccessful in their crimeware attacks, deploying the latest technologies,especially sophisticated data-stealing Trojans. By staying ahead oftraditional security methods, they will keep on maximizing their considerableprofits. The optimal way to prevent malicious files from infecting PCs andcorporate networks is active real-time content inspection technologies thatcan inspect each and every piece of Web content in real-time to detectmalicious code without the need for signatures."

About MCRC

Malicious Code Research Center (MCRC) is the leading research departmentat Finjan, dedicated to the research and detection of securityvulnerabilities in Internet applications, as well as other popular programs.MCRC's goal is to stay steps ahead of hackers attempting to exploit openplatforms and technologies to develop malicious code such as Spyware,Trojans, Phishing attacks, worms and viruses. MCRC shares its researchefforts with many of the world's leading software vendors to help patch theirsecurity holes. MCRC is a driving force behind the development of nextgeneration security technologies used in Finjan's proactive web securitysolutions. For more information, visit our MCRC subsite(http://www.finjan.com/SecurityLab.aspx?id=547).

About Finjan

Finjan is a global provider of web security solutions for the enterprisemarket. Our real-time, appliance-based web security solutions deliver themost effective shield against web-borne threats, freeing enterprises toharness the web for maximum commercial results. Finjan's real-time websecurity solutions utilize patented behavior-based technology to repel alltypes of threats arriving via the web, such as spyware, phishing, Trojans andobfuscated malicious code, securing businesses against unknown and emergingthreats, as well as known malware. Finjan's security solutions have receivedindustry awards and recognition from leading analyst houses and publications,including Gartner, IDC, Butler Group, SC Magazine, CRN, ITPro, PCPro, ITWeek,Network Computing, and Information Security. With Finjan's award-winning andwidely used solutions, businesses can focus on implementing web strategies torealize their full organizational and commercial potential. For moreinformation about Finjan, please visit: http://www.finjan.com.

(c) Copyright 1996-2008. Finjan Software Inc. and its affiliates andsubsidiaries. All rights reserved. All text and figures included in thispublication are the exclusive property of Finjan and are for your personaland non-commercial use. You may not modify, copy, distribute, transmit,display, perform, reproduce, publish, license, create derivative works from,transfer, use or sell any part of its content in any way without the expresspermission in writing from Finjan. Information in this document is subject tochange without notice and does not present a commitment or representation onthe part of Finjan. The Finjan technology and/or products and/or softwaredescribed and/or referenced to in this material are protected by registeredand/or pending patents including European Patent EP 0 965 094 B1 and U.S.Patents No. 6092194, 6154844, 6167520, 6480962, 6209103, 6298446, 6353892,6804780, 6922693, 6944822, 6993662, 6965968, 7058822, 7076469, 7155743,7155744, 7185358, 7418731 and may be protected by other U.S. Patents, foreignpatents, or pending applications. Finjan, Finjan logo, Vital Security,Vulnerability Anti.dote and Window-of-Vulnerability are trademarks orregistered trademarks of Finjan Inc., and/or its affiliates and subsidiaries.All other trademarks are the trademarks of their respective owners.

Media Contacts: United States Jan Wiedrick-Kozlowski Activa PR Tel: +1-585-392-7878 jan@activapr.com UK Neil Stinchcombe Eskenzi PR Ltd. Tel: +44(0)208-449-1007 neil@eskenzipr.comSOURCE Finjan Software