What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

Finjan MCRC Blog: Posts

Finjan is a global provider of proactive web security solutions that protect businesses and organizations against all types of web threats, including Spyware, Trojans and malicious code.


Governmental, Healthcare, and Top Business Websites have fallen victims to the new round of Asprox mass attackJuly 15
As covered in my previous post a new round of mass Web attacks has started during May 2008. Hackers successfully compromised a large number of government and top businesses websites worldwide to infect visitors with malware. The attack toolkit being used (which is aliased as “Asprox”) has been around for few years; however, during the last year we have noticed a rise in the number of attacks using it. The attack toolkits is designed to first search Google for webpages with the file extension [.asp] and then launch SQL injection attacks to append a reference to the malware file using the SCRIPT tag.
Short research of “in-the-cloud-service” and “unknown malware samples”July 2
It looks like the new AV buzzword of “in-the-cloud-service” has gathered momentum among Anti- Virus vendors. On June 30, 2008 an interview with Trend Micro’s CEO was published on Zdent.co.uk titled “Antivirus industry lied for 20 years “– it makes me wonder what is going to be changed in the 21st year? In the interview Trend Micro’s CEO unveiled the new vision of her company - moving to “In the Could Service” e.g. “throws all the unknown samples up into the cloud for deeper and faster pattern recognition”. What will happen if I’m offline...?.
2008 Cybercrime economyJune 17
A couple of years ago, credit card numbers and bank account PINs were traded for $100 or more on sites selling that kind of stolen information. But nowadays prices have dropped to $10-$40 per item.
Guess who’s got your passwords and emails stored on their servers…?May 17
In our recent MPOM report, we reported on a Crimeserver hosting 1.4G of unprotected stolen data, including passwords, medical data, emails etc. Many people asked us how we found the data. Was the data secure or not?
Attacker toolkits for freeMay 6
During our ongoing research we came up against one curious site. The site is hacking/security oriented, and is located in Russia (hmm... the previous time i've cheked it was in Netherlands), and not significantly different from many other similar sites.