eEye Digital Security Warns Against Spreading Botnets; Releases Multiple Protections for Critical MS06-040 Vulnerability.


ALISO VIEJO, Calif. -- Security Leader Releases Free Tool Based on Award-Winning Retina Scanner; Blink Endpoint Security Also Proactively Protects Users Without the Need for a Software Patch

eEye Digital Security(R), a leading developer of network security and vulnerability management software solutions, as well as the industry's foremost contributor to security research and education, today announced that it is offering multiple forms of protection for enterprises to immediately address various attacks circulating via a flaw in Microsoft's (NASDAQ:MSFT) Server Service that was patched last Tuesday in Microsoft bulletin MS06-040. Specifically, eEye confirmed that Blink(R), its award-winning endpoint intrusion prevention solution, provides proactive protection against these attacks. In addition, eEye has released a free scanning tool for those organizations unable to deploy Blink or patch their systems quickly. The Retina-based tool can scan up to 256 systems at once to check specifically for vulnerabilities that leverage MS06-040 as an attack vector. Already downloaded more than 27,000 times, the tool is available online at: http://www.eEye.com/html/resources/downloads/audits/NetApi.html.

"When Microsoft released its 12 patches last Tuesday, it was clear that this flaw was the most critical vulnerability," said Marc Maiffret, eEye's co-founder and chief hacking officer. "Once we identified this piece of malware, our research team knew that signature-based security technologies would be unable to detect it, which has been a common denominator for the vast majority of the new malware that our security team has seen. For IT to effectively protect their networks against this type of threat, they either have to incorporate some type of non-signature-based endpoint protection or be prepared to drop everything on Patch Tuesday to patch their critical systems."

eEye already proactively protects its customers from the exploitation of this vulnerability with Blink, allowing IT departments to deploy software patches according to regularly scheduled maintenance cycles. Blink does not require shutting down services or applications as a means of protection, thus allowing businesses to continue to function normally. The result is 100 percent protection, with zero downtime or impact to operations. In addition, current customers using the Retina Network Security Scanner are already able to scan their systems for this critical vulnerability.

"This illustrates, yet again, the reactive nature of anti-virus and other signature-based security technologies, as well as the need for proactive protection that prevents the root of the problem -- the vulnerability -- rather than the aftereffect of the problem -- the malware -- from compromising enterprises' networks," continued Maiffret.

The malware exploits the Server Service flaw that was patched last Tuesday in Microsoft bulletin MS06-040: an unchecked buffer in the Server Service that allows anonymous remote exploitation. Although exploits were circulating and being used in targeted attacks within hours of the release of Microsoft's patches, there had not been any sort of mass-propagated attacks until one surfaced over the weekend.

On Saturday, eEye's research team confirmed the existence of a new piece of malware that is automatically infecting systems using the MS06-040 vulnerability as its attack vector to deliver a botnet payload. A botnet is a piece of malware that is typically installed -- using exploits or viruses -- on many systems in order to allow thousands of systems to be controlled to perform attacks, including Distributed Denial of Service (DDoS) attacks. This particular botnet malware connects to IRC chat servers and allows attackers to control infected systems via commands passed on IRC chat. In addition, the malware allows its controller to execute programs, update the BOT software, and exploit other machines. The malware will also attempt to disable Windows firewall and the Windows XP SP2 security alert that triggers when the system's antivirus software is disabled. At this time there are currently two separate variants of this malware, using the file names "wgareg.exe" and "wgavm.exe."

On Saturday, Microsoft released a separate hotfix related to the MS06-040 patch that needs to be installed on Windows 2003 SP1 systems, creating another patching event for IT security departments.

"This means that if users were able to scramble to patch systems for MS06-040 last week, they now have to go install a second patch that fixes a bug in the first one," Maiffret added. "Proactive protection can spare companies from spending valuable IT resources to take the servers offline yet again. Blink users are able to patch their systems when it makes sense for their business and avoid a serious impact to productivity."

Users of anti-virus solutions should make sure that they have the latest signature files. As a final precaution, eEye recommends filtering TCP ports 139 and 445 at the corporate gateway and instructing users to not open any unexpected email attachments.

Over the last five years, industry experts have recognized eEye as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty and Code Red worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

About Blink(R) Endpoint Intrusion Prevention

Designed to be implemented on individual assets such as servers, PCs and laptops, Blink is the first endpoint product to combine multiple layers of security technologies to protect enterprises from zero-day attacks that leverage yet unknown vulnerabilities within enterprise networks. This comprehensive security solution allows organizations to defer patching vulnerable machines until regularly scheduled maintenance cycles, thereby saving millions of dollars in business disruption and the associated IT resource drain caused by "panic" patching. Additionally, Blink eliminates the problem of so-called "socially engineered" security threats in which hackers trick individuals into downloading malware or otherwise making their own machines vulnerable to attack. As a result, Blink uniquely protects assets from vulnerabilities, as opposed to only thwarting attacks. For those interested in protecting corporate systems with Blink, an evaluation version is available for download on eEye's Website: http://www.eEye.com/Blink.

eEye's integrated family of vulnerability management solutions helps IT and security professionals confidently safeguard their valuable digital assets. Working in conjunction with popular tools such as firewalls and intrusion detection systems, eEye's product portfolio also includes Retina(R) Network Security Scanner, REM(TM) Security Management Console, Iris(R) Network Traffic Analyzer and SecureIIS(TM) Web Server Protection.

About eEye Digital Security

eEye Digital Security is a leading developer of network security software, and the foremost contributor to security research and education. eEye's award-winning software products provide a complete vulnerability management solution that addresses the full lifecycle of security threats: before, during and after attacks. eEye's customers, Citigroup and the U.S. Department of Defense, represent the largest deployments of vulnerability assessment and prevention technology in the private and public sector. eEye protects the networks and digital assets of more than 8,500 corporate and government deployments worldwide, including Avon, Continental Airlines, Dow Jones, EDS, Prudential, University of Miami, Viacom, Vodafone, Warner Music and Wyeth. Founded in 1998, eEye Digital Security is a privately held, venture-backed firm with headquarters in Orange County, California. For more information, please visit www.eEye.com.

All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.
COPYRIGHT 2006 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Publication:Business Wire
Geographic Code:1USA
Date:Aug 15, 2006