EXPLOIT PREVENTION LABS PROTECTS MYSPACE USERS AGAINST AD-BASED EXPLOITS

SocketShield Detects Exploit-infected Ads, Protects Users Against Drive-by Malware Downloads

July 19, 2006 – Atlanta, GA – Users of MySpace, the popular social networking site, have joined the ranks of unwitting victims of cybercriminals using banner ads to distribute vulnerability exploits. If their PCs had been protected by Exploit Prevention Labs’ SocketShield, this would not have been the case.

The infected ad, for a company named DeckOutYourDeck.com, has been found by security researchers to be running on several popular networking and file-sharing sites, ideal trolling grounds for the often-innocent “lure” sites used by exploit distribution networks to acquire new victims. The DeckOutYourDeck.com site itself is clean; only the ad was being used as an infection vector. The exploit takes advantage of a Windows Metafile vulnerability that was first identified in December of last year. According to the exploit’s originating distribution server in Russia, the ad’s silent payload of adware has been deposited onto more than a million computers.

“Microsoft issued a patch for this exploit in early January, but clearly there are many unpatched machines out there,” said Roger Thompson, CTO of Exploit Prevention Labs. “This level of infection from a relatively old exploit shows how important it is for users to protect their systems. It’s one of the key reasons we developed SocketShield – to provide an effective, proactive defense against drive-by downloads and other exploit-driven infections until users get around to patching.”

What are Exploits?
Exploits are malware applications that take advantage of security vulnerabilities in common software such as Windows operating systems and browsers. Unlike traditional malware, such as viruses or trojans that are usually created by thrill-seeking individuals trying to cause chaos, exploits are part of a growing category of malicious and frequently for-profit applications used by international criminal cyber gangs.

Most exploit infections occur by what’s known as a drive-by download, in which malicious code is force-downloaded onto a user’s computer without their knowledge. This occurs the moment the user visits a compromised web site, which may well appear completely innocuous. The payload, usually in the form of a rootkit, then exposes the user to damage from spyware, keyloggers, and other crimeware.

Many Internet users mistakenly believe that as long as they’re not visiting pornographic or illegal file-sharing sites, they’re safe from exploits. The truth, however, is that the most popular sites on the web are being actively exploited by cybercriminals simply because they are popular, not because of their content.

Similar to the business model employed by spammers, exploit distributors use a tiered distribution system, usually composed of a single master exploit server that controls a large network of servers hosting innocent-seeming web sites, which in turn act as lures for unsuspecting visitors. Exploit Prevention Labs has discovered numerous exploit distribution networks in which up to 20,000 trusted and legitimate web sites had been hacked by cybercriminals who were using those sites to spread exploits.

When a surfer visits one of the sites, malicious code placed on the site silently connects to an exploit server operated by the criminals and attempts to deliver the drive-by download onto the user’s machine. If the user’s operating system or browser is unpatched for the latest vulnerabilities, their machine is infected.
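The December 2005 Windows Metafile flaw the release refers to lay in the handling of the SETABORTPROC escape record (Microsoft bulletin MS06-001), so a defender reviewing ad creatives can triage WMF files by walking the record stream for that escape. The scanner below is an added example, not Exploit Prevention Labs’ code; the record layout constants come from the WMF format, and the two sample files are constructed inline (the suspicious one carries only zero filler, no payload).

```python
import struct

# WMF record functions / escape subcodes (from the Windows Metafile format)
META_EOF = 0x0000
META_ESCAPE = 0x0626
META_SETBKCOLOR = 0x0201
SETABORTPROC = 0x0009          # escape subcode at the heart of the Dec-2005 WMF bug
PLACEABLE_KEY = 0x9AC6CDD7     # Aldus placeable header magic; 22-byte prefix

def scan_wmf(data: bytes) -> list:
    """Walk the record stream and return (offset, escape_code) for every
    ESCAPE/SETABORTPROC record. Raises ValueError on structural damage so a
    caller can quarantine malformed creatives instead of rendering them."""
    off = 22 if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY else 0
    if len(data) < off + 18:
        raise ValueError("truncated metafile header")
    mt_type, hdr_words = struct.unpack_from("<HH", data, off)
    if mt_type not in (1, 2) or hdr_words != 9:
        raise ValueError("not a standard METAHEADER")
    off += hdr_words * 2
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        rec_len = size_words * 2
        if rec_len < 6 or off + rec_len > len(data):   # also stops size-0 loops
            raise ValueError(f"bad record size at offset {off}")
        if func == META_EOF:
            break
        if func == META_ESCAPE and rec_len >= 8:
            esc = struct.unpack_from("<H", data, off + 6)[0]
            if esc == SETABORTPROC:
                hits.append((off, esc))
        off += rec_len
    return hits

def _record(func: int, params: bytes = b"") -> bytes:
    """Build one WMF record: size in 16-bit words, function code, parameters."""
    body = struct.pack("<H", func) + params
    return struct.pack("<I", (4 + len(body)) // 2) + body

def build_wmf(records: list) -> bytes:
    """Wrap records in a minimal METAHEADER (constructed test data only)."""
    eof = _record(META_EOF)
    body = b"".join(records) + eof
    max_words = max(len(r) for r in records + [eof]) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, max_words, 0)
    return header + body

# Constructed samples: a benign file with a harmless escape, and one carrying
# a SETABORTPROC escape whose data is just zero filler.
BENIGN_WMF = build_wmf([_record(META_SETBKCOLOR, b"\xff\xff\xff\x00"),
                        _record(META_ESCAPE, struct.pack("<HH", 0x000F, 0))])
SUSPICIOUS_WMF = build_wmf([_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 8) + b"\x00" * 8)])
```

Any SETABORTPROC escape in an image served as an ad is a block-and-investigate signal; a metafile has no legitimate reason to install a printer abort callback.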

About SocketShield
SocketShield is the industry’s first reliable solution to protect Internet users against the growing threat of zero-day and other crimeware exploits that target vulnerabilities in unpatched Windows applications.

SocketShield provides a critical layer of security that complements the defenses provided by traditional security solutions. Firewalls cannot stop exploits because exploits enter within the trusted communications stream of the user’s browser connection. Anti-virus and anti-spyware applications can’t protect against exploits because they must wait for the malware code to hit the hard disk in order to detect it, and by that time most exploits have already executed their payload. And effective patching relies on users ensuring that Windows is configured to install all necessary updates immediately on availability.

A trial version of SocketShield may be downloaded from the Exploit Prevention Labs website at http://www.explabs.com/ss/index.html. The software is available for purchase at a special introductory price of $19.95.

Exploit Prevention Labs also this week announced LinkScanner, a free online service that scans individual URLs for dangerous exploits (http://www.explabs.com/linkscanner).

About Exploit Prevention Labs
Founded by information security veterans Bob Bales and Roger Thompson in 2005, Exploit Prevention Labs develops security software to protect against vulnerability exploits. SocketShield, the company’s flagship product, provides patent-pending protection against zero-day exploits during the critical risk window between the announcement of a vulnerability and the provision of a patch by the vendor. More information about Exploit Prevention Labs and SocketShield may be found on the company’s website at http://www.explabs.com.

Media Contact:
Kerry Swanson/Mark Coker
Dovetail Public Relations
408.395.3600
xpl@dovetailpr.com