Finjan offers free audits for crimeware sufferers

Security company Finjan Inc. says your Web security defences are probably not up to scratch and is prepared to prove it -- for free.

How sure are you that your staff is not visiting infected websites, and that your current defences are keeping out all malware?

Security company Finjan Inc. says your defences are probably not up to scratch and is prepared to prove it -- for free. Any company with 1,000 users or more will qualify for a free audit of its systems, and the San Jose, CA.-based Web security firm says it is confident it will discover bad practices, Trojans and keyloggers that other products fail to spot.

Tim Warner, U.K. and France country manager for Finjan, said many companies were still relying on antivirus signatures to block malware, as well as static URL lists to control user behaviour, both of which are inadequate in changing the threat landscape.

He explained that the audit is done by installing Finjan's RUSafe auditing tool on the user's network, upstream of the existing filters, where it inspects and logs traffic. For a 1,000 user network, the device would be left in for a week, and then its findings analysed and reported back to the company in the form of a PowerPoint presentation.

"We're committing around £5,000 of resources to each audit, and we wouldn't do that unless we were confident of finding stuff," said Warner. "We usually find one keylogger, and in one place we found seven." He said previous similar exercises had resulted in successful sales in around 70% of cases.

Warner cited recent reports of the Sinowal Trojan, malware that can be downloaded from infected websites and is estimated to have stolen the details of about 500,000 online bank accounts and credit and debit cards.

"Reports that the Sinowal Trojan has resurfaced with a vengeance is bad news, especially since the malware has been around since the start of 2006. The fact that it is still around more than two and a half years later means that it is still hoovering up IDs and passwords."

Large corporations are certainly starting to notice a sharp rise in criminal activity on the Internet. A recent small survey by the Corporate IT Forum among chief security officers at 54 large member organisations painted a grim picture of companies being besieged by increasingly clever Internet criminals who were beyond the long arm of the law.

The research found that for large companies, high-tech crime is growing in severity, complexity and proportion, and is now being increasingly perpetrated by professional criminal gangs. Respondents think the rise in e-crime is due to a lack of any coherent, international legislation and the absence of any suitable deterrents or penalties. Those involved in cybercrime have little prospect of being caught.

More than two-thirds of the companies reported an increase in deliberate and intentional high-tech crime -- malicious crimes designed to benefit the individual criminal, disrupt company systems or defraud.

Individual respondents were not identified but one was quoted as saying: "We're experiencing more sophisticated attacks combining social engineering, malicious code and phishing -- potentially much more damaging. We're also experiencing the spear phishing of senior executives."

Most of them felt the police were ill-equipped to tackle most hi-tech crime and for that reason, would not bother to report attacks. Most bemoaned the loss of the National Hi-Tech Crime Unit, and felt that its successor, the newly created Police Central e-Crime Unit, was too poorly funded to make a difference.

However, Finjan may not be the only company with the right security product -- or even a free trial of technology. Mark Harris, director of Sophos Labs plc, said: "We've not used signatures for many years. We and a lot of other AV companies have moved on from simple scanning to doing a lot more. Our research shows that one in 1,100 Web page requests go to a compromised website hosting malicious content. It may not sound like a lot, but a Web page is made of up several requests so it is quite high."

He said that the Sophos approach is to examine the behaviour of incoming code. "The secret to protecting against Web-based threats is not about scanning, but about knowing what not to scan and not slowing down the Web traffic," he said. "We look at behaviour in executables. For instance, if it's written in Brazil, in Visual Basic and it tries to access Web pages, we know it's a banking Trojan."

And if the idea of a free trial appeals, then Sophos also offers a free endpoint protection assessment to see which machines have been properly patched.

Read more on Application security and coding requirements