informa
3 min read
News

Security App Protects Against Windows Attack

eEye's Blink Personal stops Windows zero-day attack that's building around the Internet

eEye Digital Security 's timing couldn't be better: Starting today it's offering the latest version of its Blink Personal Internet Security consumer product for free, which comes with antivirus and anti-spyware as well as its standard personal firewall/vulnerability assessment package. The freebie software also comes with a bonus -- defense against the latest Windows zero-day exploit, which gives an attacker full control of an infected system. eEye late last week released one of the first temporary patches for the new .ANI exploit, which has been gathering steam over the past few days.

The zero-day attacks are being staged mainly from host systems in China and had spread to over 100 Websites as of this morning, according to Websense, and have prompted Microsoft to release an off-cycle, critical patch tomorrow, and ZERT to release a patch on Friday. The exploit, which embeds a malicious .ANI file in a Webpage, requires that a user visit the infected Website, or open a bad Microsoft Office file. Some researchers have observed worm-like behavior, and note that it's not limited to animated cursors but is also showing up in JPG files on Websites.

eEye's patch prevents the exploit from working, but according to ZERT, it does not fix the flawed copy routine that's at the heart of the problem, and could "break third-party applications that use animated cursors within their own program directories," according to ZERT's advisory. ZERT says its patch goes further.

Meanwhile, eEye in November began offering the previous version of Blink Personal -- personal firewall and VA tool -- as a freebie. Ross Brown, CEO of eEye, says his company added its AV and anti-spyware technology to provide an easier-to-use and smaller footprint option for consumers than what's currently out there for them.

"We're hearing two frustrations: that antivirus and firewall aren't protecting me and I’m still getting bot-infected," Brown says. "The things hitting them are not designed to be stopped by AV or firewalls and they're not getting caught by heuristic AV."

Brown says eEye used six months' worth of data from its Neighborhood Watch program -- where it logs and analyzes attack data from consumer users -- and built a new rule-set for Blink Personal. He says the all-in-one tool should be easier for less technically savvy users, although he admits eEye has not had a big consumer presence. "It's never been a huge business for us."

He says the free consumer tool will also help eEye gather the data to build a better commercial product for its traditional business -- commercial and security-savvy users. The company is offering a free one-year subscription, but it doesn't intend to start charging for Blink Personal after the one year is up. "The renewal will probably be free again, too."

— Kelly Jackson Higgins, Senior Editor, Dark Reading