December 10, 2003
Finjan Software Finds Security Flaw in Yahoo E-mail Service
Malicious Script Execution Flaw Allows Malicious Code to Launch Automatically
Upon Opening of E-mail Messages

SAN JOSE, Calif., Dec. 10 /PRNewswire/ -- Finjan Software -- Mobile Code
Research Center (MCRC), a department designated to detect the next attack by malicious hackers and invent new proactive security technologies, today announced that it identified a malicious script execution security vulnerability in Yahoo's Web-based e-mail service. This vulnerability had the potential to allow malicious hackers to automatically launch a worm or malicious mobile code attack upon the opening of an e-mail message. The vulnerability was reported to Yahoo and has been fixed. Malicious Script Execution flaws allow a malicious hacker to input malicious script into a seemingly normal e-mail message. A computer user opening an e-mail message containing an embedded malicious script could automatically be hit with a malicious code attack if scripting has been enabled on the Web browser. Malicious script can be written in various languages including Java, JavaScript, VB Script, Active X, and HTML. In addition to destroying files, malicious code attacks have the ability to steal personal information such as usernames, passwords, credit card numbers, and any other information a user inputs into the computer. It can also expose restricted parts of a local area network, such as an Intranet, to the public. "Web-based e-mails have become very popular due to its ability to provide access to one's e-mail messages from any computer connected to the Internet," said Brian Burke, program manager at IDC. "Malicious hackers are always looking at ways to gain unauthorized access to personal information of their victims for various reasons and Web e-mail services are certainly a potential target."

"We are currently experiencing a new generation of viruses, worms and other types of malicious mobile code attacks," said Shlomo Touboul, founder and CEO of Finjan Software. "This new generation spreads faster than ever before and can infect millions of computers in minutes. A security strategy using only traditional signature-based security solutions is far too slow to protect against these new threats therefore, proactive behavior inspection technology must be implemented to close this window of vulnerability left open when companies are waiting for an update."

Finjan solutions use proactive technology and provide protection to their owners before damage can be done. Finjan's content security products, SurfinGate(TM) for Web, SurfinGate for E-mail, SurfinShield Corporate and SurfinGuard Pro, provide proactive defense against malicious script execution flaws and mobile malicious code attacks. Its patented behavior inspection
engine will protect computer users from similar future vulnerabilities and comparable potential exploits.

About MCRC
MCRC is the leading research department at Finjan Software, dedicated to the research and detection of potential Internet and e-mail attacks. MCRC's goal is to be one step ahead of malicious hackers attempting to exploit open platforms and technologies to develop next generation mobile malicious code, worms, trojans, viruses and spyware. MCRC researchers also contribute to the development of next generation defense tools for Finjan's proactive content security solutions. For more information, visit http://www.finjan.com/mcrc/index.cfm .

About Finjan
Finjan Software is the leading provider of proactive content security solutions to global organizations. Exceeding the preliminary level of defense typically offered by reactive anti-virus software solutions, Finjan's Vital Security family of products proactively respond to changing, yet-to-be-created Internet security threats and close the Window of Vulnerability. Finjan is
recognized by analyst firm IDC as the leader in the worldwide malicious mobile code security market. For more information, visit http://www.finjan.com .

NOTE: Finjan, SurfinGate, SurfinGuard, and SurfinShield are registered trademarks of Finjan Software, Inc. and/or its subsidiaries. Window of Vulnerability and Vital Security are trademarks of Finjan Software. Other trademarks in this document belong to their respective owners. The Finjan Software products described in this document are protected by U.S. Patent No. 6092194, 6167520 and 6480962 and may be protected by other U.S. Patents, foreign patents, or pending applications.

Designed by Intellity Interactive Media ©2002 Israel Seed Partners Webmaster