ALADDIN SECURITY ADVISORY:New "BugBear" Trojan Can Disable Firewalls and Give Hackers Full Remote Control
CHICAGO, October 1, 2002 - Aladdin Knowledge Systems (NASDAQ: ALDN) today announced its eSafe content security solution with XploitStopper is proactively protecting networks against the latest Win32 Trojan, Win32.BugBear without a virus signature update. A quickly spreading, medium-level vandal BugBear can stop the processes of various anti-virus and personal firewalls and give hackers full remote control of infected PCs.
Also known as NATOSTA.A, W32/Bugbear-A, Tanatos, W32/Bugbear@MM, or WORM_BUGBEAR.A, Win32.BugBear arrives as an executable file with a double extension ending in either .EXE or .SCR. Upon arrival it will usually self-execute on unhatched systems vulnerable to the MIME vulnerability.
The email masks itself behind a variety of innocuous subject headers like "$150 Free Bonus" or "Bad news," from a spoofed sender address. Upon execution it will save a copy of itself under a random name in the Windows System directory and will run on every restart or login by inserting itself in the Startup folder. It can also install a keyboard logging program that can collect credit card numbers, passwords, usernames and other sensitive information. BugBear then opens a back door on port 36794 which permits hackers or others to access the log and steal the information it has collected.
Aladdin's Content Security Response Team already reports several infection attempts have been blocked proactively without the need for any update. Because it can create files, send email, permit remote control, enable information theft and stop firewall and anti-virus processes, it could wreak havoc and cause significant commercial and economic damage.
"eSafe's proactive technology continues to prove its value," says Shimon Gruper, Aladdin's executive vice president, Internet Technology. "With a threat like BugBear, out in the wild, traditional anti-virus technologies that rely on scanning and updates won't have what it takes to automatically stop malicious code. Our motto that 'Signature updates are too late' is proven with this latest virus threat."
eSafe's content inspection features stop threats and increase employee productivity while reducing the load on corporate bandwidth. Picked as PC Magazine's Editors' Choice in June, 2001 and again in July, 2002, Aladdin's eSafe Mail and eSafe Gateway products deliver comprehensive set of unique technologies including:
- XploitStopper - prevents exploitation of MS-Exchange and Outlook security holes by hackers, viruses and malicious code
- GhostMachine - catches polymorphic viruses that use mutation and stealth techniques
- MacroTerminator - stops known and unknown Microsoft Office macro viruses
- SmartScript filtering - blocks known and unknown malicious VB and Java scripts embedded in HTML formatted emails
Aladdin Knowledge Systems
Aladdin (Nasdaq: ALDN) is a leader in digital security, providing solutions for software commerce and Internet security since 1985. Aladdin serves over 30,000 customers worldwide. Aladdin's products include: the USB-based eToken device for user authentication and e-commerce security; the eSafe line of content security solutions that protect PCs and networks against malicious, inappropriate and nonproductive Internet-borne content; HASP and Hardlock, hardware-based software security systems that protect the revenues of developers; and Privilege, a software licensing and distribution platform.
Please visit the Aladdin Web site at www.aladdin.com.
All trademarks and registered trademarks are the property of their respective holders.
Zintel Public Relations
Investor Relations Contact:
Global Consulting Group