Malicious Ad Servers and Crack Servers
ATLANTA, Nov. 27 // -- Exploit Prevention Labs (http://www.explabs.com), a leading developer of safe surfing software for protection against web-based exploits, today announced an expanded LinkScanner product line and new technology enhancements to combat malicious web sites, phishing, social engineering and other web-based exploits.
This development comes at a time when cybercriminals motivated by profit are stepping up their attacks against users of web-based applications such as search engines, blogs, online bank and brokerage accounts, and social networking sites. Cybercrime robs businesses and consumers of billions of dollars each year. A year ago, Valerie McNiven, an advisor to the US government, told Reuters that global cybercrime had become bigger than drug trafficking. "Last year was the first year that proceeds from cybercrime were greater than proceeds from the sale of illegal drugs, and that was, I believe, over $105 billion."
The new Exploit Prevention Labs products are LinkScanner Pro(TM) and LinkScanner Lite(TM). LinkScanner Pro(TM), a $29.95 safe surfing Windows application, provides real-time, automatic protection against malicious web sites, drive-by downloads and other crimeware exploits. LinkScanner Lite is a free application that provides Internet Explorer users with real-time scanning of Google, MSN and Yahoo search results for web-based threats, as well as on- demand scanning of individual links. Support for Firefox and other browsers and search engines is in development.
"We're living in a Web 2.0 world, where web sites interconnect in ways that traditional security defenses never anticipated," said Roger Thompson, co-founder and CTO of Exploit Prevention Labs. "Trusted web sites can't always be trusted, especially when they unknowingly harbor malicious hyperlinks. We've always protected against web-based exploits that target unpatched security vulnerabilities, and now we're extending that protection to the other most prevalent threat delivery methods of phishing and social engineering."
Online communities and applications are especially vulnerable to exploitation by cybercriminals because users connect to them via the browser's HTTP protocol, which bypasses firewall and other traditional defenses. Exploits can spread rapidly among online applications such as blogs and social networking sites, because these sites often interconnect with dozens of other online applications via HTML hyperlinks, IFRAME links, RSS and cross-site scripting not monitored by typical online security measures. As online application providers broaden the functionality of their offerings, they also increase the odds of introducing security vulnerabilities.
New LinkScanner Functionality Delivers Industry's Most Reliable Protection Against Web-based Exploits
The new LinkScanner family of safe surfing software and services delivers the industry's most reliable real-time protection against web-based exploits and malicious web sites. Building on Exploit Prevention Labs' original SocketShield(TM) anti-exploit technology, the LinkScanner family adds new SearchShield(TM) functionality to protect users against malicious hyperlinks in search engine results. The products also add protection against malicious phishing, social engineering, and warez web sites that distribute cracked software, and advertising networks known to distribute malicious text and banner ads.
Conventional safe surfing applications such as McAfee(R) SiteAdvisor, which judge web site safety based on historical data, are recognized as delivering results that are up to 50% inaccurate. SiteAdvisor's approach is simply inadequate to deal with the highly dynamic nature of today's web threats. LinkScanner's real-time approach, by contrast, delivers definitive information about the threats present on any web site at the only time that matters -- the time the user is about to click through to that site.
A chart detailing the differences between the LinkScanner products and McAfee SiteAdvisor is attached below as an addendum to this release.
LinkScanner Backed by Exploit Prevention Labs' Patent-Pending Intelligence Network
LinkScanner is powered by Exploit Prevention Labs' patent-pending Intelligence Network, which brings together a unique combination of research techniques:
-- Exploit Intelligence is an extended network of human researchers,
automated probes, honeypots, "hunting pots," and search bots focused
on discovering new vulnerabilities and exploit examples.
-- The Reputation Filter creates an intelligent filter for known and
suspected exploit distribution sites.
-- Community Intelligence is the community of Exploit Prevention Labs
users who allow information about attempted exploitation of their
computers to be collected as part of the Intelligence Network. This
allows LinkScanner users to serve as an extension of Exploit Prevention
Labs' research efforts, providing a virtual "Neighborhood Watch for the
Web" community of users who automatically report new malicious web
sites, hyperlinks and exploits back to Exploit Prevention Labs
researchers.
-- SiteID digs beneath the surface of any site's publicly-stated ownership
to determine whether the site is really operated by the person or
entity who claims to own it.
-- The Correlation Engine aggregates intelligence gained through this
research, assembles it in real time, and distributes it transparently
back to the community, providing exploit-specific protection within
minutes of a zero-day exploit discovery.
LinkScanner Provides Reliable Protection against Web-based Exploits in a Lightweight Application
Unlike many security software products that sap memory, disk space and computing resources, LinkScanner products are extremely lightweight. LinkScanner Pro requires only 10MB of RAM and 4MB of hard disk space, and LinkScanner Lite requires even less. Both products support all versions of Windows 2000 and XP and require minimal computing resources to operate.
The LinkScanner family provides a critical layer of security that complements the defenses provided by traditional security solutions. Firewalls cannot stop exploits because exploits enter within the trusted communications stream of the user's browser connection. Anti-virus and anti- spyware applications can't protect against exploits because they must wait for the malware code to hit the hard disk in order to detect it, and by that time most exploits have already executed their payload. Patch management systems can't distribute a patch until the application vendor releases it, often weeks or months after the discovery of a security vulnerability. And patching as a general practice, while critical, often fails because it relies on users taking action of their own volition.
Pricing, Specifications and Availability
LinkScanner Pro and LinkScanner Lite are now available from Exploit Prevention Labs' web site at http://www.explabs.com.
LinkScanner Pro is priced at $29.95, including a one-year subscription for unlimited updates and online technical support. A fully functional 30-day evaluation can be downloaded from http://www.explabs.com/downloads/LSP Current licensed SocketShield users can upgrade to LinkScanner Pro at no charge.
LinkScanner Lite, which offers many of the same features as LinkScanner Pro but without the convenient automation, is free and can be downloaded from http://www.explabs.com/downloads/LSL LinkScanner Online, available at http://linkscanner.explabs.com, is a free real-time online URL scanning service that lets users know whether any individual site they intend to visit has been poisoned by an exploit distribution network. LinkScanner Online supports all major web browsers and is freely available for incorporation into third-party websites. Interested webmasters can request the code through Exploit Prevention Labs' website at http://www.explabs.com/LinkScanner/MyLinkScanner/.
About Exploit Prevention Labs
Founded by information security veterans Bob Bales and Roger Thompson in 2005, Exploit Prevention Labs develops the LinkScanner family of safe surfing software and services. LinkScanner Pro, LinkScanner Lite and LinkScanner Online provide patent-pending protection against malicious web sites and web- based exploits during the critical risk window between the announcement of a security vulnerability and the provision of a patch by the vendor. A Software Development Kit (SDK) is also available to enable third party vendors to incorporate Exploit Prevention Labs' technology in their own applications and services. More information about Exploit Prevention Labs and LinkScanner may be found on the company's website at http://www.explabs.com.
Functionality Comparison Chart, LinkScanner vs. McAfee SiteAdvisor
LinkScanner LinkScanner McAfee McAfee
Pro Lite SiteAdvisor Plus SiteAdvisor
Price $29.95 Free $24.95 Free
Lightweight app
with browser
toolbar
integration Yes Yes Yes Yes
Real-time,
definitive
identification
of malicious
sites that
distribute
exploits Yes Yes No No
100% coverage
of the web --
detects
exploits in
all web pages Yes Yes No No
Prevents
emerging zero-
day exploits
before they
can spread Yes Yes No No
Real time
search engine
result
inspection for
exploits and
other risk
factors Yes Yes No. Results No. Results
based on based on
previous, previous,
often out of often out
date scan, of date
not real-time. scan, not
real-time.
Real-time web
page
inspection,
rating and
advice Yes, Yes, No. Ratings and No.
automatic manual advice not Ratings and
real-time. advice not
real-time.
Identifies
drive-by
downloads
and exploits
"in the stream"
before they
reach PC Detects Detects No No
and blocks only
Protects
against
phishing and
other social
engineering Yes, Yes, Yes, Yes,
scams automatic manual automatic manual
Automatically
inspects email
and IM links Planned No Yes No
Community-based
research -- when
users encounter
exploits or
malicious web
sites, information
about that event
is automatically
transmitted back
to the vendor
for
incorporation
into research Yes, Yes, No No
knowledge detection detection
and and
reporting. reporting.
Alert
reporting and
logging -- full
details of
threat
detection and
site blocking Yes, Yes, No No
events automatic manual
Tracks all
Internet-
using
processes
and displays
activity in
an intuitive
format. Yes No No No
Dependencies None for None for User is User is
exploit exploit dependent dependent
signature signature on a single on a single
and and point of point of
malsite malsite failure. failure.
databases, databases, If the If the
stored stored host database host
locally. locally. server database
Some Some is down, server
reputation reputation users have is down,
data is data is no way to users have
obtained obtained know if a no way to
from a from a site is know if a
remote remote exploitative. site is
database. database. exploit-
ative.
Media Contact:
Tim Shisler/Julie Parayno
Dovetail Public Relations
408.395.3600
xpl at dovetailpr.com
