Strong Interest Prompts Exploit Prevention Labs to Accelerate Development
of Corporate Version
ATLANTA, June 19 /PRNewswire/ -- Exploit Prevention Labs, a developer
of anti-exploit software for protection against drive-by downloads and
zero-day exploits, today announced that it has successfully completed
beta-testing of its flagship SocketShield software. SocketShield is now
available for purchase at http://www.explabs.com.
SocketShield is the industry's first reliable solution to protect
Internet users against the growing threat of drive-by downloads, zero-day
attacks, malicious web sites, and other crimeware exploits that target
vulnerabilities in unpatched Windows applications. These exploits install a
wide variety of malware onto users' computers, usually in the form of a
rootkit that protects the malware from detection by existing security
measures. The rootkit and accompanying malware then enable the exploit
distributor to perpetrate crimes such as identity theft, extortion, fraud,
and espionage.
Exploit Prevention Labs also announced today it expects to ship a
corporate version of SocketShield in the third quarter of this year,
brought forward from the previously-forecast second quarter of 2007.
Development of the corporate version has been accelerated following strong
interest in the beta version of the single-user product from businesses
struggling to protect systems against vulnerability exploits until vendor
patches are available. The first corporate version of SocketShield will
provide network-based centralized configuration and deployment. Reporting
and forensic analysis capabilities will be added in later releases.
Unlike traditional malware such as viruses or trojans that are largely
created by thrill-seeking individuals trying to create chaos, zero-day
exploits are part of a growing category of malicious and frequently
for-profit applications used by international criminal cyber-gangs. Similar
to the business model employed by spammers, the exploit distributors
utilize a tiered distribution system usually composed of a single master
exploit server that controls a large network of innocent looking servers or
web sites which act as lures for unwitting visitors. Simply by visiting the
site, users are silently infected with exploit code through a drive-by
download.

Trusted Web Sites No Longer Trustworthy

Trusted web sites are no longer as trustworthy as they once were. Even
reputable sites are being invisibly hacked and used to deliver exploits to
unwitting visitors. Most users are directed to these sites from search
engines such as Google, Yahoo or MSN.
Recently, Exploit Prevention Labs analyzed the exploit distribution
network established by just one cyber criminal organization and found that
it was using a network of 40 domains, each of which had an average of 500
lure websites linking into it, giving it a reach of 20,000 trusted web
sites that were acting as lures for innocent web surfers. The operators of
most of these innocent-looking yet compromised sites are completely unaware
that their sites have been hijacked or that they're infecting their
visitors with malicious code.
Frequently, the hack consists simply of an i-frame -- a
one-pixel-square (and thus invisible to the naked eye) command used to
embed an HTML page from anywhere into any other web page. Compromised sites
are sometimes hacked multiple times by different cyber criminal
organizations, who serve up the same exploits using different i-frame
commands.
"Zero day attacks are more dangerous today than they were in the past,"
said Roger Thompson, CTO and co-founder of Exploit Prevention Labs. "A
handful of exploit servers, leveraging tens of thousands of connected web
sites each, can infect millions of web site visitors within hours of the
release of a new zero-day exploit. Leveraging the early warning
capabilities of our distributed Exploit Intelligence Network of probes and
hunting pots, as well as automated research alerts we receive from our
thousands of users, we're often able to identify these new exploits before
they're released, and then update our SocketShield users. The lightweight
architecture of SocketShield allows us to distribute very small incremental
updates to our users in near real-time."

SocketShield Overcomes Limitations of Traditional Security Solutions

SocketShield provides a critical layer of security that complements the
defenses of conventional security solutions. Firewalls cannot stop exploits
because exploits enter through the trusted communications stream of the
user's browser connection. Anti-virus and anti-spyware applications can't
protect against exploits because they must wait for the code to hit the
hard disk in order to detect it, and by that time most exploits have
already executed their payload. Patch management systems can't distribute a
patch until the application vendor releases it. And patching as a general
practice, while critical, often fails because it relies on users taking
action of their own volition.
SocketShield works at the WinSock socket level -- the points of entry
used by a computer to allow programs to be downloaded from the web and
other sources. These sockets can be opened and closed to enable or prevent
downloads. SocketShield uses the knowledge gained through Exploit
Prevention Labs' patent-pending Intelligence Network to close any socket
that a known or suspected exploit is attempting to use.
The Intelligence Network brings together a unique combination of
research techniques:
-- Exploit Intelligence is an extended network of human researchers and
automated probes, honeypots and search bots focused on discovering new
vulnerabilities and exploit examples.
-- The Reputation Filter creates an intelligent filter for known and
suspected exploit distribution sites.
-- Community Intelligence is a community of SocketShield users who allow
information about attempted exploitation of their computers to be
transferred to Exploit Prevention Labs.
The SocketShield Correlation Engine aggregates intelligence gained
through this research, assembles it in real time, and distributes it
transparently to SocketShield users, providing exploit-specific protection
in minutes.

Pricing, Specifications and Availability

SocketShield is now available for free 15-day trials from Exploit
Prevention Labs' web site at http://www.explabs.com. The product supports
all 32- and 64-bit versions of Windows and requires minimal computing
resources to operate. At the conclusion of the 15-day trial, users can
purchase a license, including a one-year subscription covering unlimited
software updates and online technical support for $29.95. Volume discounts
are available.

About Exploit Prevention Labs

Founded by information security veterans Bob Bales and Roger Thompson
in 2005, Exploit Prevention Labs develops security software to protect
against vulnerability exploits. SocketShield, the company's flagship
product, provides patent-pending protection against zero-day exploits
during the critical risk window between the announcement of a vulnerability
and the provision of a patch by the vendor. More information about Exploit
Prevention Labs and SocketShield may be found on the company's website at
http://www.explabs.com
Media Contact:
Kerry Swanson/Mark Coker
Dovetail Public Relations
408-395-3600
xpl at dovetailpr.com
SOURCE Exploit Prevention Labs
Related links: http://www.explabs.com/
CONTACT: Kerry Swanson, or Mark Coker, both of Dovetail Public Relations, +1-408-395-3600, xpl@dovetailpr.com, for Exploit Prevention Labs