• Latest News
• Crave
• Webware
• Business Tech
• Green Tech
• Wireless
• Security
• More
  • Media
  • Cutting Edge
  • Apple
  • Politics & Law
  • Games and Culture
  • Microsoft
  • Blogs
  • Video
  • Photo galleries
  • RSS
  • Markets

  

This week Robert Vamosi talks with Yuval Ben-Itzhak, CTO of Finjan, a security company.

For the past year, Robert has been talking about the use of iframes to compromise legitimate Web sites with links to malicious code servers. It's easy for criminal hackers to compromise a site if it's poorly managed and open to cross-site scripting attacks (think ma and pa e-commerce sites).

Over the summer, automated versions of these attacks compromised thousands of travel, hotel, and restaurant sites in a matter of course. But there's a flaw with iframes; the malicious servers are often identified and blocked. Unfortunately, this posed only a temporary setback for criminal hackers.

Over the last several weeks, researchers at Finjan, a security company, have been monitoring the use of a new malware kit that uses new tricks designed to thwart conventional anti-malware applications. One trick disguises the malware upon second visit to the Web site, making it a nonpersistent threat that's hard to classify. Despite these tricks, Finjan was still able to find more than 10,000 sites infected with this new toolkit and offers some details about the attack.