Exploit Prevention Labs

SECURITY SOFTWARE VETERANS LAUNCH EXPLOIT PREVENTION LABS TO DELIVER BREAKTHROUGH PROTECTION AGAINST ZERO-DAY EXPLOITS

First Product, SocketShield, Protects Users Against Drive-by Downloads,
Malicious Web Sites and other Crimeware Exploits

May 1, 2006 – Bob Bales and Roger Thompson, two computer security industry pioneers, have joined forces to launch Exploit Prevention Labs, a new computer security software company. The company's first product, SocketShield, now in beta, protects Internet users against the growing threat of zero-day exploits that take advantage of unpatched vulnerabilities in Windows operating systems and applications. These exploits usually involve drive-by downloads of rootkits that assume remote command and control over the victim's computer to perpetrate crimes such as identity theft, extortion, fraud, and espionage.

Unlike traditional malware such as viruses or trojans that are created by thrill-seeking programmers trying to create chaos, zero-day exploits are part of a growing category of malicious and frequently for-profit applications used by international criminal cyber-gangs. Sometimes referred to as crimeware, these for-profit exploits are usually delivered in the form of drive-by downloads intended to take advantage of unpatched vulnerabilities as soon as those vulnerabilities have been announced. The distribution mechanism used by these exploits is analogous to a spam distribution network: the originator of the exploit code sets up one server to distribute the code to a network of servers that in turn serve up the exploit code as a drive-by download under the guise of a seemingly innocuous web page. Many of these distributors are paid a commission for each download they deliver. In this way, millions of computers can be infected with the exploit in a very short period of time, hence the term zero-day exploit.

Microsoft and other application vendors require an average of two months, and sometimes up to six months, to develop patches to fix newly discovered vulnerabilities. During this time period, known as "the risk window," Internet users are unprotected against exploits. In December of 2005, for example, the Windows Metafile (WMF) vulnerability was discovered and, within days, cyber-criminals such as the CoolWebSearch gang were distributing drive-by downloads to victims' computers. An underground exchange even emerged where exploit authors were offering to sell their crimeware code to the highest bidders.

"It's simply impossible for application vendors to develop instant fixes for newly-discovered exploits," said Roger Thompson, co-founder and chief technical officer of Exploit Prevention Labs. "It takes weeks or months for application vendors to release a patch because it must be thoroughly tested to ensure it doesn't adversely affect the application or any other application that might be installed on the user's system. SocketShield prevents exploits from gaining access to users' computers during the risk window before the permanent patch can be applied."

With SocketShield, Thompson and his team have developed the industry's first zero-day exploit blocker. It does this by monitoring the browser's communications stream and stopping known exploits from getting past the browser. The technology is powered by Exploit Prevention Labs' patent-pending Intelligence Network, which brings together a unique combination of research techniques:

  • Exploit Intelligence is an extended network of human researchers and automated probes, honeypots and search bots focused on discovering new vulnerabilities and exploit examples.
  • The Reputation Filter creates an intelligent filter for known and suspected exploit distribution sites.
  • Community Intelligence is a community of SocketShield users who allow information about attempted exploitation of their computers to be transferred to Exploit Prevention Labs.

The SocketShield Correlation Engine aggregates intelligence gained through this research, assembles it in real time, and distributes it transparently to SocketShield users, providing exploit-specific protection in minutes.

SocketShield Overcomes Limitations of Traditional Security Solutions

Conventional security solutions are unable to prevent most drive-by downloads, zero-day attacks, and other exploits. Firewalls don't sound the alarm because exploits infiltrate through the user's trusted web browser connection. Anti-virus and anti-spyware applications can't protect against exploits because they must wait for the code to hit the hard disk, and by that time most exploits have already executed their payload. Patch management systems can't distribute a patch until the application vendor releases it. And patching as a general practice, while critical, often fails because it relies on users taking action of their own volition.

"SocketShield is a smart choice for protection against known but unpatched vulnerabilities," said Bob Bales. "SocketShield provides a critical extra layer of security, while complementing existing firewall, anti-virus and anti-spyware defenses."

Exploit Prevention Labs Founded by Security Industry Pioneers

Exploit Prevention Labs was founded by Bob Bales and Roger Thompson in late 2005. Bales, known by some as the "father of the anti-spyware industry," founded PestPatrol, the pioneering anti-spyware software firm, in 2000; the company was acquired by Computer Associates in 2004. Prior to PestPatrol, Bales served as founder and CEO of the National Computer Security Association, a global security services firm that later became TruSecure Corporation, which itself was later merged into Cybertrust.

SocketShield's technology is the brainchild of Roger Thompson, Exploit Prevention Labs' co-founder and CTO, and one of the computer security industry's most respected visionaries. Prior to founding Exploit Prevention Labs, Thompson served as director of malicious content research at Computer Associates, which had acquired his previous employer, PestPatrol. As Development VP at PestPatrol, he helped build the company's world-class anti-spyware back end. Thompson's computer security career began in 1987 when he founded Leprechaun Software, Australia's first anti-virus company.

Other senior executives of Exploit Prevention Labs bring experience from Zone Labs, Symantec, Trend Micro and McAfee, as well as from PestPatrol.

Pricing, Specifications and Availability

A beta version of SocketShield is now available for free download from Exploit Prevention Labs' web site at http://www.explabs.com. The product supports all 32- and 64-bit versions of Windows and requires minimal computing resources to operate. Once the product completes beta, one-year subscriptions will be available at $29.95 per year, including free unlimited updates during the subscription period. Volume discounts are available.

About Exploit Prevention Labs
Founded by information security veterans Bob Bales and Roger Thompson in 2005, Exploit Prevention Labs develops security software to protect against vulnerability exploits. SocketShield, the company's flagship product, provides patent-pending protection against zero-day exploits during the critical risk window between the announcement of a vulnerability and the provision of a patch by the vendor. More information about Exploit Prevention Labs and SocketShield may be found on the company's website at www.explabs.com.

Media Contact:
Kerry Swanson/Mark Coker
Dovetail Public Relations
408.395.3600
xpl@dovetailpr.com