Finjan Web Security Trends Report – Q3/2007

Finjan has released its Web Security Trends Report – Q3/2007 (PDF), and I found it quite interesting to read.

One piece of innovative research presented in the report covers the security model of, and the risk posed by, the various widgets that seem to be the hottest trend in GUI design. Whether built for the WWW, Windows Vista or the Macintosh OS X Dashboard, widgets are everywhere, and Finjan found vulnerabilities in widgets and gadgets that enable attackers to gain control of user machines.

The report also presents a detailed analysis of a very particular kind of malware: the financial data trojan, which is activated whenever a user does internet banking or logs in to a financial institution's website. "Financially-focused crimeware – what happens when a trojan goes phishing" shows the Crimeware Trojan Workflow step by step:

  1. Detect login page to a financial service
  2. Send the login credentials to the financial service as well as the crimeware server
  3. Crimeware server response contains custom designed page to get more sensitive information (designed for the service provider)
  4. Crimeware on infected PC injects the custom page into the browser (which is already connected via SSL to the financial provider)
  5. Victim enters sensitive data into customized form
  6. Crimeware sends customized form data to crimeware server
  7. Crimeware gets the financial service response to the original login credentials and shows them on the browser.
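Steps 2 and 6 of the workflow leave a trace a web gateway can look for: the same client POSTs to the financial service and, moments later, to an unrelated host. The sketch below is an added example, not taken from the Finjan report or this post; it assumes a gateway log that records method and destination host per request, and the log lines, host names and function names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: time, client IP, method, destination host, path.
SAMPLE_LOG = """\
2007-09-12T10:00:01 10.0.0.5 GET bank.example /login
2007-09-12T10:00:20 10.0.0.5 POST bank.example /login
2007-09-12T10:00:21 10.0.0.5 POST collector.invalid /gate
2007-09-12T10:00:48 10.0.0.5 POST collector.invalid /gate
2007-09-12T10:01:02 10.0.0.7 POST bank.example /login
2007-09-12T10:01:30 10.0.0.7 GET news.example /index
2007-09-12T10:05:00 10.0.0.9 POST forum.example /reply
"""

def parse(log_text):
    """Yield (timestamp, client, method, host) from each well-formed line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing
        ts, client, method, host, _path = parts
        yield datetime.fromisoformat(ts), client, method, host

def find_shadow_posts(log_text, financial_hosts, window_seconds=60):
    """Return {(client, financial_host, other_host): post_count} for POSTs to a
    non-financial host made within the window after a POST to a financial host."""
    window = timedelta(seconds=window_seconds)
    last_login = {}             # client -> (time, financial host)
    findings = defaultdict(int)
    for ts, client, method, host in sorted(parse(log_text)):
        if method != "POST":
            continue
        if host in financial_hosts:
            last_login[client] = (ts, host)
        elif client in last_login and ts - last_login[client][0] <= window:
            findings[(client, last_login[client][1], host)] += 1
    return dict(findings)

if __name__ == "__main__":
    for key, count in find_shadow_posts(SAMPLE_LOG, {"bank.example"}).items():
        print(key, count)
```

A hit is a lead for triage, not a verdict: legitimate pages also POST to third-party hosts, so known-good destinations would need to be allowlisted before alerting.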

Get a copy of this report here.


