What Are The Newest Security Threats

Hacking is just like any other area of the IT industry. There are established operations using proven routes to market and yet pioneers constantly emerge, introducing new innovations. The truth about traditional email viruses and worms is that, if they weren’t still so successful, they’d have been left for dead a long time ago. But they still have a life. So they can be used to establish botnets and rogue mail operations and fake web sites.

But what are the newer IT security threats to the consumer and the corporation?

If you want to know the answer to that, Finjan is a good company to talk to. In business terms it has done well from its technology, which works in the following way. It reads scripts that try to execute on a computer from the web and dynamically examines them for “maleficent” behavior. It then prevents any that are suspicious from running. It’s sophisticated stuff.

This technology also puts Finjan in a good position to comment on what the Black Hats are currently doing to try to penetrate your systems and steal your data. Finjan is usually the first security company to trap and document new web-based exploits. It regularly produces Security Trends Reports (which you can get here).

The Word From Finjan

I discussed the latest trends in Black Hat behavior last week with Yuval Ben-Itzhak of Finjan. Currently the more innovative of the bad guys are doing their best to infect big ad networks by planting malicious code in Flash files and PDF files. The main point, of course, is that most people expect such files to be safe and therefore they are more likely to let such files execute. Logically, of course, anything that executes has to be a suspect for carrying malicious code, but people don’t think of Flash animation as “executing” and neither do they think of PDFs in that way.

Finjan has discovered that large ad networks that serve Flash-based banner ads don’t prevent their ads from interacting with the hosting web page (even though Flash can be set to prevent such interaction), so they have become a gateway for attacks. The Black Hats take advantage of Flash ActionScript to interact with the hosting web page, dynamically injecting code into the hosting DOM in order to subsequently exploit a browser vulnerability.
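The setting that prevents this interaction is the embed's allowScriptAccess parameter. As an added example (not from Finjan or the original article), this Python audit lists every Flash embed on a page that is not explicitly set to "never". The sample markup and ads.example URLs are constructed, and it assumes embeds are identifiable by their type attribute or a .swf URL.

```python
from html.parser import HTMLParser

# Constructed sample page with three Flash ad slots (hypothetical URLs).
SAMPLE_PAGE = """
<object type="application/x-shockwave-flash" data="https://ads.example/a.swf">
  <param name="allowScriptAccess" value="always">
</object>
<embed src="https://ads.example/b.swf" type="application/x-shockwave-flash">
<object type="application/x-shockwave-flash" data="https://ads.example/c.swf">
  <param name="AllowScriptAccess" value="never">
</object>
"""

def _is_flash(attrs):
    url = attrs.get("data") or attrs.get("src") or ""
    return "shockwave-flash" in attrs.get("type", "").lower() or url.lower().endswith(".swf")

class FlashEmbedAudit(HTMLParser):
    """Record every Flash <object>/<embed> with its allowScriptAccess value."""
    def __init__(self):
        super().__init__()
        self.embeds = []    # entries are [url, allowScriptAccess or None]
        self._obj = None    # Flash <object> currently open, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object" and _is_flash(a):
            self._obj = [a.get("data", ""), None]
            self.embeds.append(self._obj)
        elif tag == "param" and self._obj and a.get("name", "").lower() == "allowscriptaccess":
            self._obj[1] = a.get("value", "").lower()
        elif tag == "embed" and _is_flash(a):
            # <embed> carries the setting as an attribute; the parser lowercases names.
            self.embeds.append([a.get("src", ""), a.get("allowscriptaccess", "").lower() or None])

    def handle_endtag(self, tag):
        if tag == "object":
            self._obj = None

def audit(html):
    """Return (url, setting) for every embed not explicitly set to 'never'."""
    parser = FlashEmbedAudit()
    parser.feed(html)
    parser.close()
    return [(url, val or "unset") for url, val in parser.embeds if val != "never"]

if __name__ == "__main__":
    for url, setting in audit(SAMPLE_PAGE):
        print(f"REVIEW {url}: allowScriptAccess={setting}")
```

An embed reported as "unset" relies on the player's default rather than on a policy the publisher has stated in the page, which is why the audit flags it alongside "always".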

Finjan is not optimistic about cybercrime in the coming year. Its forecasts are as follows:

  1. The increasing number of unemployed IT professionals will naturally lead to a growth in cybercrime.
  2. Cybercriminals will benefit from the Obama Administration’s plan to bring Broadband Internet access to every American. (Broadband increases opportunities for everyone.)
  3. Cybercriminals will continue to leverage the most advanced techniques and services that Web 2.0 can offer, and will continue to focus on Trojan technologies.

To this, I guess I can add: Increasingly the black hats will seek to establish root kits. After all, if you’re going to plant a Trojan, you may as well plant an invisible one.

[Note: If you didn't know, a root kit is malware that is planted at the root level in a computer so that it has all possible access capabilities, including the ability to hide itself from any other running process. The more talented Black Hats install Trojans that are root kits when they can.]
