Exploit Prevention Labs
EXPLOIT PREVENTION LABS SHIPS SOCKETSHIELD;
PROTECTS AGAINST DRIVE-BY DOWNLOADS AND ZERO-DAY EXPLOITS

Strong Interest from Large Enterprises Prompts Exploit Prevention Labs to
Accelerate Development of Corporate Version

June 19, 2006 – Atlanta, GA – Exploit Prevention Labs, a developer of anti-exploit software for protection against drive-by downloads and zero-day exploits, today announced that it has successfully completed beta-testing of its flagship SocketShield software. SocketShield is now available for purchase at http://www.explabs.com.

SocketShield is the industry’s first reliable solution to protect Internet users against the growing threat of drive-by downloads, zero-day attacks, malicious web sites, and other crimeware exploits that target vulnerabilities in unpatched Windows applications. These exploits install a wide variety of malware onto users’ computers, usually in the form of a rootkit that shields the malware from detection by existing security measures. The rootkit and accompanying malware then enable the exploit distributor to perpetrate crimes such as identity theft, extortion, fraud, and espionage.

Exploit Prevention Labs also announced today that it expects to ship a corporate version of SocketShield in the third quarter of this year, brought forward from the previously forecast second quarter of 2007. Development of the corporate version has been accelerated following strong interest in the beta version of the single-user product from businesses struggling to protect systems against vulnerability exploits until vendor patches are available. The first corporate version of SocketShield will provide network-based centralized configuration and deployment. Reporting and forensic analysis capabilities will be added in later releases.

Unlike traditional malware such as viruses or trojans, which are largely created by thrill-seeking individuals trying to create chaos, zero-day exploits are part of a growing category of malicious and frequently for-profit applications used by international criminal cyber-gangs. Similar to the business model employed by spammers, exploit distributors use a tiered distribution system, usually composed of a single master exploit server that controls a large network of innocent-looking servers or web sites which act as lures for unwitting visitors. Simply by visiting such a site, users are silently infected with exploit code through a drive-by download.

Trusted Web Sites No Longer Trustworthy
Trusted web sites are no longer as trustworthy as they once were. Even reputable sites are being invisibly hacked and used to deliver exploits to unwitting visitors. Most users are directed to these sites from search engines such as Google, Yahoo or MSN.

Recently, Exploit Prevention Labs analyzed the exploit distribution network established by just one cyber criminal organization and found that it was using a network of 40 domains, each of which had an average of 500 lure websites linking into it, giving it a reach of 20,000 trusted web sites that were acting as lures for innocent web surfers. The operators of most of these innocent-looking yet compromised sites are completely unaware that their sites have been hijacked or that they’re infecting their visitors with malicious code.

Frequently, the hack consists simply of an iframe (inline frame), a one-pixel-square HTML element, invisible to the naked eye, that embeds a page from anywhere into any other web page. Compromised sites are sometimes hacked multiple times by different cyber-criminal organizations, each serving up the same exploits through different iframe tags.

“Zero-day attacks are more dangerous today than they were in the past,” said Roger Thompson, CTO and co-founder of Exploit Prevention Labs. “A handful of exploit servers, leveraging tens of thousands of connected web sites each, can infect millions of web site visitors within hours of the release of a new zero-day exploit. Leveraging the early warning capabilities of our distributed Exploit Intelligence Network of probes and hunting pots, as well as automated research alerts we receive from our thousands of users, we’re often able to identify these new exploits before they’re released, and then update our SocketShield users. The lightweight architecture of SocketShield allows us to distribute very small incremental updates to our users in near real-time.”

SocketShield Overcomes Limitations of Traditional Security Solutions
SocketShield provides a critical layer of security that complements the defenses of conventional security solutions. Firewalls cannot stop exploits because exploits enter through the trusted communications stream of the user’s browser connection. Anti-virus and anti-spyware applications can’t protect against exploits because they must wait for the code to hit the hard disk in order to detect it, and by that time most exploits have already executed their payload. Patch management systems can’t distribute a patch until the application vendor releases it. And patching as a general practice, while critical, often fails because it relies on users taking action of their own volition.

SocketShield works at the Winsock (Windows Sockets) socket level, the entry points a computer uses to allow programs to download from the web and other sources. These sockets can be opened and closed to enable or prevent downloads. SocketShield uses the knowledge gained through Exploit Prevention Labs’ patent-pending Intelligence Network to close any socket that a known or suspected exploit is attempting to use.

The Intelligence Network brings together a unique combination of research techniques:

• Exploit Intelligence is an extended network of human researchers and automated probes, honeypots and search bots focused on discovering new vulnerabilities and exploit examples.
• The Reputation Filter creates an intelligent filter for known and suspected exploit distribution sites.
• Community Intelligence is a community of SocketShield users who allow information about attempted exploitation of their computers to be transferred to Exploit Prevention Labs.

The SocketShield Correlation Engine aggregates intelligence gained through this research, assembles it in real time, and distributes it transparently to SocketShield users, providing exploit-specific protection in minutes.

Pricing, Specifications and Availability
SocketShield is now available for free 15-day trials from Exploit Prevention Labs’ web site at http://www.explabs.com. The product supports all 32- and 64-bit versions of Windows and requires minimal computing resources to operate. At the conclusion of the 15-day trial, users can purchase a license, including a one-year subscription covering unlimited software updates and online technical support for $29.95 per year. Volume discounts are available.

About Exploit Prevention Labs
Founded by information security veterans Bob Bales and Roger Thompson in 2005, Exploit Prevention Labs develops security software to protect against vulnerability exploits. SocketShield, the company’s flagship product, provides patent-pending protection against zero-day exploits during the critical risk window between the announcement of a vulnerability and the provision of a patch by the vendor. More information about Exploit Prevention Labs and SocketShield may be found on the company’s website at http://www.explabs.com.

Media Contact:
Kerry Swanson/Mark Coker
Dovetail Public Relations
408.395.3600
xpl@dovetailpr.com