Exploit Shield – F-Secure's Solution to Zero-Day Exploits

Our previous post highlighted a recently disclosed vulnerability which exists in Microsoft Internet Explorer… and noted that there are currently websites hosting exploits targeting the vulnerability. Today our Vulnerability Response team would like to offer you our Security Labs' solution, which is now publicly available for download.

We call it Exploit Shield.

Exploit Shield protects against exploits both responsively and proactively. It has both shields and generic heuristics that monitor for and block suspected malicious activity. It logs attack attempts and will also report suspicious URLs to our Real-time Protection Network [1]. New shields are delivered via our automatic update channel servers.

F-Secure_Exploit_Shield_Beta_01.png


Vulnerability Shields offer "patch-equivalent protection". Our Vulnerability Analysts, primarily based in Kuala Lumpur, publish vulnerability advisories and detections (used by our Health Check [2] service). The Vulnerability team then uses the analysis to create exploit shields. The shields either apply a hotpatch or disable the vulnerable ActiveX plugin.

F-Secure_Exploit_Shield_Beta_02.png


This is what shield details look like:

F-Secure_Exploit_Shield_Beta_CVE-2008-3008.png


The Proactive Measures currently block suspected malicious activity in Internet Explorer and Mozilla Firefox. This component of the beta monitors for heuristic behavioral techniques common to many types of exploits. We've tested the proactive component against a couple of malicious sites targeting the vulnerability, and the attacks have been successfully blocked.

F-Secure_Exploit_Shield_Beta_03.png


As noted above, Exploit Shield has the option to report malicious websites that are blocked.

F-Secure_Exploit_Shield_Beta_04.png


What do we do with the reported URL? The Response Lab will use it to respond faster. We have "HoneyMonkey"-like systems to collect the exploit samples. Thus we'll have a greater ability to collect exploits and add signature detections to protect all of our customers. Exploit Shield users will help contribute to everyone's protection while remaining protected.

You can download a WMV video by Patrik demonstrating Exploit Shield in action.



—

You will find the download link on our Labs site.

—

Our Vulnerability Response team has been working very hard in the last few days to make this beta release ready at this time. Remember, it's still in beta, and you can help them by testing and by providing feedback. A big thank you is due to all those involved.

—

Footnote 1: The current version of our DeepGuard Technology utilizes cloud-based networking lookups to our Real-time Protection Network. We'll cover that in a future weblog post.

Footnote 2: Try Health Check. It's free and assists in updating and patching third-party applications.

On 17/12/08 at 10:45 AM


