PRESS RELEASE

IRVINE, CA--(Marketwire - March 31, 2009) -- In response to Conficker, breed of self-updating worms that is difficult to avoid, Researchers at eEye Digital Security (www.eeye.com) have devised a Conficker detection engine that centers on running a network scan to detect hosts compromised or vulnerable to Conficker. In a proactive measure to protect users, starting today, organizations can download from eEye a free utility that is built around the company's Retina Network Security Scanner that will detect hosts that are compromised with this latest worm and malicious botnet or do not have MS08-067 applied, the most effective propagation technique that Conficker uses.

The Retina Utility from eEye can be downloaded at: http://www.eeye.com/html/downloads/other/ConfickerScanner.html

The Conficker worm utilizes a variety of attack vectors to transmit and receive payloads, including: software vulnerabilities (e.g. MS08-067), portable media devices (e.g. USB thumb drives and hard drives), as well as leveraging endpoint weaknesses (e.g. weak passwords on network-enabled systems). The Conficker worm will also spawn remote access backdoors on the system and attempt to download additional malware to further infect the host.

"The Conficker worm represents predictions eEye has been making for years," said eEye CEO Kamal Arafeh. "Blended threats can take advantage of a missing patch, propagate though a USB key, create a silent but crippling peer-to-peer network, and provide the stealthiest capabilities of a botnet using complex command and control methods. eEye Research has developed solutions to protect against these threats as monolithic entities and when combined, our solutions are very effective in identifying and stopping the propagation of blended threats such as Conficker."

The Retina Network Security Scanner thwarts network exploits and data loss attacks by analyzing specific pieces of operating systems, applications, and policies. The tool identifies high-risk host components and determines how malware such as the forthcoming Conficker worm can potentially leverage systems for malicious activity due to missing patches, poor configurations, and vulnerabilities. In addition to the detection of the Conficker worm, eEye Digital Security's Blink Endpoint Protection Platform can effectively protect hosts, even if they are not patched, from the propagation of this worm. Using protocol based IPS analyzers, Blink can detect and stop the malicious traffic associated with MS08-067 and block the worm from self propagating. For installations that are already infected, Blink's multi layer antivirus engine will remove the Conficker worm and provide protection until a permanent remediation is performed on the host.

System Requirements to download eEye Retina Utility for Conficker:

-- Operating System: Windows 2000/XP/2003 -- Internet Explorer Version 5.01 or higher -- System RAM: 128 MB -- Storage: 20 MB Related Links & Resources: The HoneyNet Project: http://www.honeynet.org/papers/conficker/

Felix Leder and Tillmann Werner Analysis: http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker

Microsoft Advisory - 967940 http://www.microsoft.com/technet/security/advisory/967940.mspx

Microsoft Malware Protection Center: http://tinyurl.com/absz6f

Microsoft Security Bulletin MS08-067: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

SANS - Internet Storm Center: http://isc.sans.org/diary.html?storyid=5860

Shadowserver Foundation: http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090212

About eEye Digital Security eEye Digital Security is a leader in vulnerability management, endpoint security, anti-virus software and IT security research. The company's advanced security solutions help technology professionals protect the networks and digital assets of more than 9,000 corporate and government organizations worldwide. Founded in 1998, eEye Digital Security is headquartered in Orange County, California. For more information, please visit www.eEye.com.

All trademarks contained within this press release are the sole property of their respective owners and are hereby acknowledged.