Aladdin Discovers Creators of Common Hybris Vandal; New eSafe Solutions Protect Organizations From Such Threats Using Advanced Proactive Technologies.

Business Editors/High-Tech Writers

CHICAGO--(BUSINESS WIRE) Jan. 9, 2001 - Aladdin Knowledge Systems (NASDAQ: ALDN), a global leader in the field of Internet content and software security, today announced its Content Security Response Team (CSRT) has discovered the creators of the common Hybris vandal that has hit numerous organizations around the world.

Mr. Shimon Gruper, Aladdin's Vice President of Internet Security, said CSRT labs discovered the vandal's creators are located in Brazil, and are part of a group named VX-BRAZIL, an organization thought to be responsible for previous vandals. Known members of the group include Alevirus, Delta, Kamaileon, NBK, Eu and Vecna, a name that actually appears inside the Hybris vandal itself. Brazil continues to be a popular headquarters for hacker groups due to the lack of computer crime laws.

As a trojan and worm, Hybris is an email-spreading vandal with polymorphic attributes. With a modular design, Hybris uses an encrypted plug-in architecture to execute different malicious activities in addition to auto updates.

The email arrives from a sender named "Hahaha hahaha@sexyfun.net," and one of four subjects is likely to be listed:

Snowhite and the Seven Dwarfs - The REAL story!
Branca de Neve porne!
Les 7 coquir nains
Enanito si, pero con que pedazo!

The attached file within the email will have one of 16 names. The most common include "midgets.scr," "dwarf4you.exe" and "blancheneige.exe." However, variants of the vandal may include a host of other subjects and attached file names. To see a complete list, visit Aladdin's Web site at http://www.ealaddin.com/home/csrt/valerts.asp#hybris.

Upon activation, the Hybris vandal attempts to patch its code to the Windows WSOCK32.DLL file. This enables it to hook to some of the Windows Sockets functions, namely connect(), send(), and recv(). This makes it possible to append all sent and received email messages. If the WSOCK32.DLL is in use, Hybris will create a registry entry that enables it to run on the next boot, as well as a "backup" routine, in case it didn't load on the first boot. Until the next boot, the vandal will be stored in the %WinSystem% directory, under one of the names: "CCMBOIFM.EXE," "LPHBNGAE.EXE" or "LFPCMOIF.EXE."

Hybris scans all Internet traffic. When it finds an email address, it will send itself to it after a time interval.
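
The indicators listed above can be turned into a simple mail and file-name check. The following is an added example, not code from Aladdin or from the original release: the function names and the sample message are constructed for illustration, and the indicator values are copied as printed in this release (variants use other subjects and file names).

```python
from email import message_from_string
from email.utils import parseaddr

# Indicator values exactly as printed in the press release.
SENDER = "hahaha@sexyfun.net"
SUBJECTS = {"snowhite and the seven dwarfs - the real story!",
            "branca de neve porne!", "les 7 coquir nains",
            "enanito si, pero con que pedazo!"}
ATTACHMENTS = {"midgets.scr", "dwarf4you.exe", "blancheneige.exe"}
DROPPED = {"ccmboifm.exe", "lphbngae.exe", "lfpcmoif.exe"}

def mail_indicators(raw):
    """Return which of the listed indicators appear in one RFC 822 message."""
    msg = message_from_string(raw)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == SENDER:
        hits.append("sender")
    # Collapse whitespace so folded or padded subjects still compare equal.
    if " ".join(msg.get("Subject", "").split()).lower() in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name in ATTACHMENTS:
            hits.append("attachment:" + name)
    return hits

def dropped_files(listing):
    """Return names from a %WinSystem% listing that match the stored copies."""
    return sorted(n for n in listing if n.lower() in DROPPED)

# Constructed sample message (hypothetical); the attachment body is a placeholder.
SAMPLE = """From: Hahaha <hahaha@sexyfun.net>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="midgets.scr"

placeholder
--b1--
"""

if __name__ == "__main__":
    print(mail_indicators(SAMPLE))
    print(dropped_files(["KERNEL32.DLL", "LPHBNGAE.EXE", "notepad.exe"]))
```

Because the vandal is polymorphic and its variants change subjects and attachment names, a match on these strings is a triage signal for known samples, not a complete detection.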

This vandal uses its own SMTP engine to send email. Once an email has been sent, the vandal will send itself attached to the same address in a following email.

"Aladdin believes the Hybris vandal is a perfect illustration of the growing need for companies and organizations to protect against malicious mobile code," said Mr. Gruper. "Since Aladdin's labs have discovered the origin of this specific vandal, we are able to provide more detailed alerts. However, Aladdin has anticipated this new breed of vandals. The beauty of Aladdin's eSafe content security solution is that knowledge of a vandal is not needed. eSafe content security solutions proactively protect organizations from such harmful vandals that breach security and leave vital, sensitive data susceptible to attack."

About eSafe

Aladdin's eSafe Desktop and Enterprise Version 3.0 can proactively protect against any version of Hybris as well as other known and yet to be discovered vandals and viruses. Version 3.0 introduces several advanced proactive technologies to combat vandals, viruses, Trojans, worms, back doors, and remote control hackers' tools. The Application Firewall prevents any unauthorized programs from accessing the Internet. The System Protector detects "hooking" techniques used by Trojans and other known and unknown malicious code to infiltrate PCs. These new technologies combined with the acclaimed Sandbox II(TM) and Personal Firewall provide unparalleled proactive protection without solely relying on constant updates.

As a multi-layered security product, the design also incorporates reactive technologies such as an advanced anti-virus engine, with heuristic Office macro virus detection and automatic Internet updates. The anti-virus module is certified by both ICSA and Checkmark to catch 100% of "In the Wild" viruses. eSafe Desktop 3.0 Beta can be downloaded for free at http://www.esafe.com/esafe/desktop/antivirus.asp.

About Aladdin

Aladdin (NASDAQ: ALDN) is a global leader in securing digital content, from applications software to Internet use and access. Aladdin's products include HASP and Hardlock, software security systems that protect the revenues of developers and publishers; Privilege, a software licensing platform for the Internet; the eSafe line of anti-vandal, anti-virus and content filtering software for PCs and networks connected to the Internet; and eToken for Internet security and authentication. Aladdin serves its customers through eight offices located in the world's major software markets as well as a network of 50 distributors serving more than 100 countries. For more information visit our Web site at www.eAladdin.com.