Zotob Worm Virus - Yenra

Proactive zero-day protection against exploit code that targets the MS05-039 Microsoft plug-and-play feature vulnerability

Zotob

McAfee's system and network protection solutions provide proactive, zero-day protection against a recent wave of threats that have been working to exploit a hole in the plug-and-play feature in the Windows operating system.

The vulnerability, termed MS05-039, was announced by Microsoft on August 9, and within five days it had been targeted by virus writers who produced multiple variants of the ever-expanding SDBot family, as well as a new family now known as Zotob. McAfee solutions were able to proactively protect McAfee's small to large business customers prior to the release of the exploit code and without updates, thereby helping to identify and block the attacks before they could cause damage to systems and networks.

"The recent exploits targeting the MS05-039 vulnerability appear to be one of the shortest vulnerability-to-worm windows we've seen, even shorter than the Sasser worm, which took approximately two weeks to exploit the LSASS vulnerability," said John Vecchi, senior product marketing manager, McAfee Inc. "McAfee's ability to provide zero-day, out-of-the-box protection before the exploit code was discovered clearly demonstrates the company's commitment to staying ahead of both known and unknown threats and continually keeping our customers' systems and networks secure."

While the recent slew of threats that started last Friday has been identified as low-risk by McAfee, the threats can still cause harm to organizations that don't have proactive protection in place or that haven't downloaded the recent Microsoft patch.

McAfee solutions, which provide protection against both known and unknown threats, were able to protect users prior to the discovery of the exploit code, demonstrating their ability to proactively protect against new exploit techniques.

McAfee Entercept, which provides host-based intrusion prevention, mitigates the threat of the worms by offering zero-day protection without the need for product updates. This out-of-the-box capability reduces the time associated with patching against the vulnerabilities and allows business users to ensure critical system security and uptime. In addition, McAfee IntruShield's network intrusion prevention appliances provide preemptive zero-day protection against the latest Microsoft exploits. As a result, IntruShield customers were proactively protected against these new threats without signature updates. IntruShield's proactive protection is delivered through its patented shell code detection technology, which was paramount to the product's ability to also provide zero-day protection against the new exploit techniques last month that targeted Cisco IOS-based routers.

Additionally, both McAfee VirusScan Enterprise 8.0i, the industry's first anti-virus software product to integrate elements of intrusion prevention and firewall technology into a single security agent, and McAfee Managed VirusScan, a Web-based solution that provides always-on, automatic virus protection for smaller businesses, provide customers with proactive protection against attacks targeting the buffer overflow vulnerabilities reported in the MS05-039 vulnerability.