Countermeasures against computer worms


Application-Level Behavior Blocking / Finjan Software

Traditional Internet security solutions consisted on detection and irradiation of virus, firewall protection, sniffers tasked with detection and prevention of intrusions and heuristic-based systems. These measures are no longer sufficient to prevent today’s highly sophisticated network attacks launched by ultra-fast malicious code that can infect networks and PCs system within seconds. Such threats are undetected by packet-level Intrusion Detection and Intrusion Prevention systems and long before a signature-based anti-virus solution can be updated or a software patch is installed, resulting in costly damages.

Statistics show that the cost of damages caused by current internet viruses more than doubled in 2004, despite the fact that virtually all of the organizations surveyed use anti-virus software and firewalls. Organizations are now facing blended threats that possess characteristics of viruses, worms and Trojans, blended with hacking techniques. Other forms of attack, by Active Content, (such as Java applets, ActiveX controls, and JavaScripts) are growing exponentially and account for the vast majority of today’s malware. Sophisticated active content-driven malware applications, such as spyware or malicious code, do not leave “fingerprints” at the network or data layers that are sufficient to distinctively identify them. Moreover, modern hackers are well aware of traditional security systems such as firewalls, anti-virus and Intrusion Prevention/Detection products, and are crafting their malicious code to “outsmart” such systems.

In order to differentiate legitimate applications using active content, such as web conferencing, from malware using these same active content elements, security solutions are modified to be able to analyze behavior at the level in which the active content resides and operates. This intelligent behavioral analysis must be achieved without compromising the productivity or performance of the network users.

Finjan’s Application-Level Behavior Blocking concept is offering such solution, as part of its patented COTS based Application-Level Behavior Blocking technology inspecting the application-level traffic that might carry malicious mobile code which can infect the computers, and analyzes the behavior of the code itself – before it even arrives and begins to run on the target computer.