Eset Delivers Generic Patch for Microsoft Word Vulnerability

Discussion in 'NOD32 version 2 Forum' started by Marcos, May 23, 2006.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Eset NOD32 Antivirus Software Delivers First Heuristic Protection against Future Attacks


    SAN DIEGO – May 22, 2006 – Eset, a global provider of security software for enterprises and consumers, today announced its rapid response to the new zero-day exploit against Microsoft Word. After quickly identifying the dangers posed by the new vulnerability, Eset immediately developed the world’s first proactive, generic protection against current and future exploits. As a result, Eset’s NOD32 antivirus software enables users to safely use the popular word-processing application until Microsoft releases an official patch.

    The malicious software is distributed via email as a Microsoft Word file attachment. When the document is opened by the user, the exploit passes through existing protection like a bullet and installs a Trojan on the host PC. While the existing exploits only target a specific organization, the malicious code presents opportunities for copycat activities, which could have a much more global and severe impact. Eset warns that a wave of malware variants based on this exploit is likely, citing a similar pattern for the Microsoft Windows Metafile exploit that was released in late December 2005. Within a few days of the initial exploit being reported, massive spamming of malware occurred to download adware, spyware and other malware to users' PCs.

    “This new vulnerability further emphasizes the need for proactive protection and detection of zero-day threats. NOD32’s ThreatSense® detection is already protecting its users from future attacks,” said Andrew Lee, Chief Research Officer at ESET.

    Engineers at Eset very quickly realized the danger that such an exploit poses to their customers, and were able to develop a solution that generically blocks any attempt to use this vulnerability. The success was confirmed by the independent testing labs AV-Test.org. Andreas Marx, AV-Test CEO, said “Eset was not only one of the first anti-virus companies which had signatures in place to stop the already known attacks used by the Win32/GenWui Trojan, but they also had the first generic detection in place on May 21 around midnight (GMT). This effectively prevents all future malware attacks attempting to exploit this zero-day vulnerability in Microsoft Word.”

    As of early Sunday morning on May 21, 2006 (CET), Eset customers with ThreatSense® Update version 1.1551 are proactively protected against this vulnerability. Eset NOD32 Antivirus software automatically updates to the new version, requiring no action from end-users in most cases. Eset’s patented ThreatSense technology leverages advanced heuristics to ensure NOD32 customers are already protected from future variants of attacks against this vulnerability. When the system detects new forms of malware, they are automatically blocked and rendered harmless.

    http://www.eset.com/company/article.php?contentID=1404
     
    Last edited by a moderator: May 26, 2006
  2. nonmirecordo

    nonmirecordo Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    145
    Location:
    Cambridgeshire, UK
    What took you so long?

    Seriously, I read in my email this morning (UK) the Eset newsletter announcing the fix and then read all the warnings about the exploit from other newsletters to which I subscribe.

    Nice warm feelings!
     
  3. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    OK, how wonderful this all is, but regarding this:

    How does one check what "ThreatSense Update version" is installed? Is this just referring to the "Virus signature database version" shown in NOD32's Update and Information dialogs?

    If so, it would have been nice to say as much. But that wouldn't sound as esoteric and proprietary, I guess.
     
  4. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yes.

    Perhaps updates are distributed via the ThreatSense network, which is why it's called ThreatSense update.
     
  5. Eliot

    Eliot Registered Member

    Joined:
    Aug 8, 2003
    Posts:
    854
    Location:
    Arkansas, USA
    NOD32 kicks mucho arse as usual. Always teh measuring stick, often imitated, but never duplicated.....NOD32 Heuristics. *puppy*
     