Aladdin Knowledge Systems has announced that its Aladdin eSafe integrated content security and anti-virus suite stands as the only solution that proactively protects organizations from the recently discovered WMF (Windows Meta File) exploit (MS05-053). Because the primary attack vector for WMF comes from manipulated Web-based images and pop-ups that download spyware and Trojans, conventional content security solutions are unable to address this threat.
The Aladdin Content Security Response Team (CSRT) lists the WMF exploit as a "high" threat, with numerous spyware/adware sites already using several variants of exploited image files to automatically download and install various spyware and Trojan components. Currently, Aladdin eSafe, featuring unique technologies aimed at fighting off zero-day attacks, is the only gateway product capable of providing complete protection against this threat and future variants. The Windows Meta File (WMF extension) vulnerability exploits a function within the WMF library in Windows. This zero-day vulnerability allows specially constructed image files to drop malicious content on to vulnerable systems. Typical types of attack include spyware Web pages containing image files that drop and execute certain Trojans and Spyware components upon visiting the site, as well as infected pop-up windows opening when visiting referral sites or visiting sites containing embedded infected banner ads. Downloaded Trojans, in turn, download other malware, thus increasing their hold on the infected PC.
"With many desktop solutions not inspecting potentially infected images, and with a fast-growing amount of spyware sites already exploiting variants of the WMF vulnerability, the Aladdin CSRT considers this a very serious threat," said Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit. "Because it exposes computers to such a large number of dangerous security risks, the WMF vulnerability is the most significant threat we've seen in several months. Computers can be infected with spyware without user interaction simply by visiting an infected Web site or downloading an infected image. Since many of the involved sites appear to promote pornography, drugs and pharmaceuticals, they may even be assisted by spam or even phishing emails that direct traffic to those sites. The WMF vulnerability is a serious threat that only a proactive solution such as Aladdin eSafe is designed to effectively block."
Aladdin eSafe is an integrated gateway content security solution providing proactive email security and Web browsing security. As an in-line, transparent solution, eSafe offers:
- Layered anti-spyware
- Spam management
- Application filtering
- Proactive anti-virus technologies
eSafe protects users and the enterprise from Web-borne content threats including spam, viruses, known and unknown worms, Trojans, Webpage malicious code, spyware, unauthorized P2P, Instant Messaging applications, and more. With eSafe, organizations take control before problems arise, saving valuable time as well as thousands of dollars in costly repairs, and providing content security at the gateway front line.
