MENLO PARK, Calif. -- FireEyeT, Inc. announced today that its FireEye Attack Confirmation Technology (FACT) stops botnets exploiting a zero-day flaw in Microsoft's Domain Name System (DNS) server. Microsoft has publicly acknowledged the DNS server vulnerability, but stated that there is no patch available currently. Thus, even enterprises who have installed the very latest patches are left defenseless. Bot herders are now actively exploiting this vulnerability to grow their botnets.
"Botnets are pervasive on the Internet and use zero-day vulnerabilities, such as Microsoft's DNS vulnerability, to grow their armies," said Ashar Aziz, CEO of FireEye. "Botnets enable theft of enterprises' customer data and intellectual property, and can be used to commit fraud and crime on a large scale. Enterprises should be very concerned about brand damage and legal liability due to botnets on their networks."
Antivirus and intrusion detection technologies fail to detect exploits using zero-day flaws, since they are unknown and no signatures exist for them. This lack of coverage is common, as signature-based technologies cannot keep up with the flood of malware variants created by a criminal underworld. In addition, anomaly detection technologies fail to detect many botnet exploits without burying administrators in false positives.
Without signature updates, behavioral tuning, or false positives, FireEye protects enterprise networks from botnets and other malware. The FACT engine confirms within victim virtual machines any attempt to exploit systems on the network. To protect enterprise DNS infrastructure, the FACT engine confirms the attempt to exploit the DNS service. FireEye's unique application of virtualization to network security addresses the rapid proliferation of botnets and other crimeware - malicious software designed to steal intellectual property, customer information, employee identities and more.
Microsoft Corp. (Nasdaq: MSFT)