News

Malware analysis platform protects against zero-day IE vulnerability

FireEye: 20 January, 2010 (New Product)

FireEye Analysis and Control Technology is providing customers of the IT security protection company with pre-emptive protection against the unpatched flaw discovered in Internet Explorer.

FireEye has confirmed that the FireEye Analysis & Control Technology (FACT) engine has provided pre-emptive protection to enterprise, federal and higher education customers against the current Internet Explorer (IE) zero-day vulnerability (see Microsoft Security Advisory 979352). FireEye provided protection from this sophisticated and targeted zero-day attack without any changes or content updates to the product. As the broad implications of the 'Operation Aurora' attacks were disclosed, FireEye worked with customers to determine if they had been singled out. In several cases, it was confirmed that 'Operation Aurora' had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks, the same attacks recently disclosed as targeting high-profile technology companies.

At multiple production sites, FireEye and its customers established that there were attempts made to exploit the IE zero-day vulnerability. Real-time detections were made in the FACT engine without any new rules or post-mortem analysis to manually develop security content. Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers, providing the cyber criminals behind the attack with full administrative access to the end system, including but not limited to manipulating files and processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security. The IE zero-day exploit has now been documented and made publicly available.

"Despite having traditional network security and antivirus widely deployed, 'Operation Aurora' was able to breach dozens of major corporate networks using sophisticated techniques, such as code obfuscation and a zero-day application vulnerability," said Marc Maiffret, chief security architect at FireEye. "Modern malware employs such a wide range of exploits and evasion tactics that it has made traditional security technologies obsolete. FireEye's real-time, multi-protocol content analysis within virtual machines is proving to be the only integrated defense able to accurately identify zero-day attacks."

FireEye network security appliances protect customers against zero-day attacks through advanced malware analysis across multiple protocols, including but not limited to HTTP, IRC, FTP and SMTP. Conducting deep packet inspection via highly instrumented virtual machines, the FACT engine is able to identify both previously infected machines and systems under attack. Organizations that are concerned they may have been attacked or are at risk of being targeted should contact FireEye for a network security review.

"The reality is these cyber attacks are regular occurrences in today's Internet threat landscape. However, 'Operation Aurora' represents a clear escalation of the use of custom, targeted malware against enterprises," said Ashar Aziz, founder and CEO of FireEye. "It is critical that company executives recognize the threat posed by highly sophisticated modern malware, whether you call them botnets, Trojans, worms, or viruses."

FireEye customers benefit from the combination of next-generation malware protection and an extensive malware intelligence network to enhance their overall cyber security infrastructure. FireEye's network security appliances deploy quickly, filling the security gaps in traditional antivirus, intrusion detection and secure Web gateways to protect against targeted attacks such as 'Operation Aurora.'
   © 2012 ProSecurityZone.com