NEWS FROM THE LAB - Monday, January 18, 2010

F-Secure's Exploit Shield Blocks the "Aurora" Exploit Posted by Alia @ 05:52 GMT

Microsoft recently announced a new vulnerability in certain versions of its Internet Explorer web browser. If exploited, the vulnerability (CVE 2010-0249) can allow remote code execution.

Announcement of this vulnerability follows on the heels of last week's targeted zero-day attacks against a number of companies.

Since we are talking about a targeted attack, many companies and organizations have contacted us asking about solutions for attacks like this. We're happy to report that F-Secure Internet Security blocked this exploit proactively. This is made possible by the Exploit Shield element in our Browsing Protection feature.

So far we've only seen a handful of samples that exploit this vulnerability. To protect users with older versions of our products and to add gateway detection, we have added specific detection for the known samples as well. We detect the exploit code as Exploit:JS/Agent.MZF, while the payload is detected as Exploit:JS/Comele.A.

Below is a quick video showing the Exploit Shield feature in action. It isn't narrated, but the whole thing is pretty straightforward.

Not all antivirus solutions are equal. Our Exploit Shield was able to block "Operation Aurora" attacks before they were made.