Web crimeware seeing explosive expansion

Finjan SecureBrowsing is a browser plug-in that adds safety ratings to URLs of search results. It uses the same real-time content inspection technology as in the company’s secure web gateway systems/ Crimeware toolkits are being sold by hackers for only a few hundred dollars, and are being used by criminals on the web today, says the company. August’s crimeware toolkit list includes the known MPack, NeoSploit, IcePack, WebAttacker, WebAttacker2 and MultiExploit toolkits, as well as new software, such as random.js, vipcrypt, makemelaugh and dycrypt. Finjan believes that each of these toolkits is being updated frequently to include recent exploits and new anti-forensic techniques that allow them to bypass and escape detection by traditional signature, reputation and URL based security products. Finjan SecureBrowsing has already identified many active criminals using the toolkits. As indicated in its Malicious Page of the Month report for July 2007, Finjan detected 58 criminals that used MPack to successfully infect more than 500,000 users in a single month.