Finjan Reveals New Trojan Activity Involves Chinese Government Website

Finjan has recently conducted a study prompted by the increased volume of attacks coming from China. The study maps how users' PCs are infected by Trojans distributed from China that then steal data from organisations, and details some of the sites involved in the process.

Finjan’s Malicious Code Research Center (MCRC) has detected malicious activity by groups that distribute their content using obfuscated code and a network of websites to bypass traditional information security technology. The company investigated a very sophisticated attack that used zero-day exploits (malware for which there is no security patch) as well as other new hacking techniques, and discovered a centralized group of activity based in China. One of the websites in the group belongs to a Chinese governmental office.

Finjan researchers found that some sites in the network lead to Trojan sites that exploit the user's browser and then download the Trojan and install it on the user's desktop. Once the user's PC has been infected, the Trojan starts to send data to other websites in the network that are hard to detect.

“This development is disturbing for governments, enterprises and individuals alike”, said Finjan’s CTO Yuval Ben-Itzhak. “To defend against this type of attack, security solutions need to employ real-time content inspection technology that analyses each and every piece of web content in real-time, regardless of its original source or domain name.”


