Business/Technology Editors
SEATTLE--(BUSINESS WIRE)--Feb. 10, 2000--
eSafe Protects Windows Machines Against DDOS Hackers: Experts
Recommend Proactive Security Technologies on all Platforms
Aladdin Knowledge Systems (NASDAQ: ALDN), a global leader in the
field of digital content security, today announced its eSafe line of
products will protect users against the Windows-based version of the
computer Trojan responsible for the recent Denial of Service attacks
crippling major Internet sites across the country. Aladdin has
obtained samples of a Windows-based attack Trojan and submitted it to
the International Computer Security Association (ICSA.Net) for
analysis and distribution to the rest of the content security
community.
THE SECURITY RISK:
Over the past few days high profile e-commerce sites, including
CNN, AMAZON.COM, EBAY, BUY.COM, YAHOO, and E*TRADE have been hit by
sophisticated denial of service attacks, designed to overwhelm
targeted Internet sites with bogus requests, preventing access by
legitimate users. These recent denial of service (DOS) attacks have
been mounted from as many as 1000 computers, although the number has
been as little as 3-4 powerful computers. The fact that these DOS
attacks originate from several machines at the same time is what sets
these Distributed Denial of Service (DDOS) attacks apart from previous
DOS attacks.
To execute these attacks, the hacker plants many copies of an
Attack Trojan on multiple machines, either by hacking into the
machines and planting the Trojans manually, or (the more preferred
method) sending the Trojan to someone who uses that machine via email
and tricking them into executing the Trojan. When executed, the Trojan
will embed itself in the system and hibernate until such time as the
hacker wishes to begin his attack on the actual target.
To begin the actual attack, the hacker issues a series of "GO"
commands to the Attack Trojans. The Attack Trojans then begin their
overwhelming attack against the final target.
THE FUTURE IMPACT:
The majority of recent DDOS attacks have been launched by
Unix-based Attack Trojans due to access to higher bandwidth
connections. Although these Attack Trojans have yet to be found in
Windows-based PCs, security experts agree that it is only a matter of
time before Windows-based PCs become used as "zombie machines" to
attack other targets. Actual Windows-based Attack Trojans have been
found in the wild available for using by hackers around the world.
Peter Tippett, Ph.D., M.D., respected security researcher and
Chief Technology Officer at ICSA.Net, emphasized the need for
proactive security measures. "DDOS attacks cannot be stopped by
relying on conventional, reactive technologies and security policies
alone. By the time the attack has been analyzed and a response put in
place, the damage has already been done," Tippett said. "Effective
mitigation of the risk posed by DDOS attacks must come from adherence
to generic and proactive security policies, adoption of proactive
technologies designed look for hostile actions not specific
signatures, and forward-thinking security planning."
Experts recommend that network administrators guard against the
use of their machines for DDOS attacks by adopting proactive security
measures and closing operating system holes.
"DDOS attacks are difficult to prevent once underway, due to
their randomness and the complexity of the networks involved.
Preventing the spread of Attack Trojans by signatures or pattern
matching alone, as standard anti-virus engines do, is next to
impossible, due to the ease of changing code settings and creating
many new variants of those Attack Trojans," said David Dittrich, noted
DDOS attack expert and security researcher at the University of
Washington. "Adequate protection against infection by these Attack
Trojans can only be obtained by closing operating system security
holes, adopting proactive and generic security policies, and utilizing
proactive technologies that are based on generic protection."
THE SOLUTION
eSafe Enterprise and eSafe Desktop automatically protect users
against this form of Internet vandal through eSafe's exclusive Sandbox
technology. eSafe's Sandbox monitors the network or PC for malicious
or inappropriate activity. When abnormal activity is detected, eSafe's
Sandbox technology automatically quarantines the vandal and blocks the
action, preventing access to vital information and damage to network
resources. Because eSafe proactively monitors all system activity,
rather than scanning for pre-defined or recognized malicious code, it
is able to stop vandals without the need for security patches or
program updates.
ABOUT ESAFE
Aladdin's eSafe product suite, which includes eSafe Desktop,
eSafe Enterprise and sSafe Gateway, provides the most comprehensive
protection available against hostile content security threats on the
Internet and gives users confidence in their ability to navigate the
Internet safely. eSafe is the only comprehensive suite of content
security solutions on the market to provide proactive protection from
the gateway to the desktop. It also is the only one to provide Total
Sandbox Quarantine(tm) protection against all forms of malicious
content including viruses, vandals and worms. A unique feature found
only in Aladdin's eSafe solutions, the sandbox erects a protective
wall around vital system files and isolates all potentially dangerous
viruses, vandals and worms in a sterile environment, preventing them
from damaging, infecting or stealing from system resources.
Much more than anti-virus protection, the eSafe suite of products
enables businesses to:
-- block users ability to alter vital system files, thereby
reducing IT maintenance and repair costs.
-- stop access to web sites with inappropriate or malicious
content, such as hate literature or pornography, or those sites known
to propagate viruses.
-- restrict outgoing emails from sending classified or prohibited
content.
ABOUT ALADDIN
Aladdin (NASDAQ:ALDN) is a global leader in securing digital
content, from applications software to Internet use and access.
Aladdin's products include HASP and Hardlock, software security
systems that protect the revenues of developers and publishers;
Privilege, a software licensing platform for the Internet; the eSafe
line of anti-vandal, anti-virus and content filtering software for PCs
and networks connected to the Internet; and eToken for Internet
security and authentication. Aladdin serves its customers through
eight offices located in the world's major software markets as well as
a network of 50 distributors serving more than 100 countries. For more
information, visit the Aladdin web site at www.aks.com. |
