Eset Delivers Generic Patch for Microsoft Word Vulnerability

Discussion in 'NOD32 version 2 Forum' started by Marcos, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Nov 22, 2002
    Eset NOD32 Antivirus Software Delivers First Heuristic Protection
    against Future Attacks

    SAN DIEGO – May 22, 2006 – Eset, a global provider of security software for enterprises and consumers, today announced its rapid response to the new zero-day exploit against Microsoft Word. After quickly identifying the dangers posed by the new vulnerability, Eset immediately developed the world’s first proactive, generic protection against current and future exploits. As a result, Eset’s NOD32 antivirus software enables users to safely use the popular word-processing application until Microsoft releases an official patch.

    The malicious software is distributed via email as a Microsoft Word file attachment. When the document is opened by the user, the exploit passes through existing protection like a bullet and installs a Trojan on the host PC. While the existing exploits only targets a specific organization, the malicious code presents opportunities for copycat activities, which could have a much more global and severe impact. Eset warns that a wave of malware variants based on this exploit is likely, citing a similar pattern for the Microsoft Windows Metafile exploit that was released in late December 2005. Within a few days of the initial exploit being reported, there was massive spamming of malware occurred to download adware, spyware and other malware to users' PCs.

    “This new vulnerability further emphasizes the need for proactive protection and detection of zero-day threats. NOD32’s ThreatSense® detection is already protecting its users from future attacks,” said Andrew Lee, Chief Research Officer at ESET.

    Engineers at Eset very quickly realized the danger that such an exploit poses to their customers, and were able to develop a solution that generically blocks any attempt to use this vulnerability. The success was confirmed by the independent testing labs Andreas Marx, AV-Test CEO, said “Eset was not only one of the first anti-virus companies which had signatures in place to stop the already known attacks used by the Win32/GenWui Trojan, but they also had the first generic detection in place on May 21 around midnight (GMT). This effectively prevents all future malware attacks attempting to exploit this zero-day vulnerability in Microsoft Word.”

    As of early Sunday morning on May 21, 2006 (CET), Eset customers with ThreatSense® Update version 1.1551 are proactively protected against this vulnerability. Eset NOD32 Antivirus software automatically updates to the new version, requiring no action from end-users in most cases. Eset’s patented ThreatSense technology leverages advanced heuristics to ensure NOD32 customers are already protected from future variants of attacks against this vulnerability. When the system detects new forms of malware, they are automatically blocked and rendered harmless.
    Last edited by a moderator: May 26, 2006
  2. nonmirecordo

    nonmirecordo Registered Member

    Jul 19, 2004
    Cambridgeshire, UK
    What took you so long?

    Seriously, I read in my email this morning (UK) the Eset newsletter announcing the fix and then read all the warnings about the exploit from other newsletters to which I subscribe.

    Nice warm feelings!
  3. nameless

    nameless Registered Member

    Feb 23, 2003
    OK, how wonderful this all is, but regarding this:

    How does one check what "ThreatSense Update version" is installed? Is this just referring to the "Virus signature database version" shown in NOD32's Update and Information dialogs?

    If so, it would have been nice to say as much. But that wouldn't sound as esoteric and proprietary, I guess.
  4. Firecat

    Firecat Registered Member

    Jan 2, 2005
    The land of no identity :D

    Perhaps updates are distributed via the ThreatSense network, which is why its called ThreatSense update.
  5. Access Denied

    Access Denied Registered Member

    Aug 8, 2003
    Computer Chair
    NOD32 kicks mucho arse as usual. Always teh measuring stick, often imitated, but never duplicated.....NOD32 Heuristics. *puppy*
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.