FireEye Stops Botnets Using Zero-day Flaw to Steal Enterprise Data
 
Unpatched Microsoft DNS Vulnerability Enables Rinbot and Delbot Growth
MENLO PARK, Calif.—April 19, 2007—FireEye, Inc. announced today that its FireEye Attack Confirmation Technology (FACT) stops botnets exploiting a zero-day flaw in Microsoft's Domain Name System (DNS) server. Microsoft has publicly acknowledged the DNS server vulnerability, but stated that no patch is currently available. Thus, even enterprises that have installed the very latest patches are left defenseless. Bot herders are now actively exploiting this vulnerability to grow their botnets.
"Botnets are pervasive in the Internet and use zero-day vulnerabilities, such as Microsoft's DNS vulnerability, to grow their armies," said Ashar Aziz, CEO of FireEye. "Botnets enable theft of enterprises' customer data and intellectual property, and can be used to commit fraud and crime on a large scale. Enterprises should be very concerned about brand damage and legal liability due to botnets on their networks."
Antivirus and intrusion detection technologies fail to detect exploits using zero-day flaws, since they are unknown and no signatures exist for them. This lack of coverage is common, as signature-based technologies cannot keep up with the flood of malware variants created by a criminal underworld. In addition, anomaly detection technologies fail to detect many botnet exploits without burying administrators in false positives.
Without signature updates, behavioral tuning, or false positives, FireEye protects enterprise networks from botnets and other malware. The FACT engine confirms within victim virtual machines any attempt to exploit systems on the network. To protect enterprise DNS infrastructure, the FACT engine confirms the attempt to exploit the DNS service. FireEye's unique application of virtualization to network security addresses the rapid proliferation of botnets and other crimeware—malicious software designed to steal intellectual property, customer information, employee identities and more.
Enterprises are particularly at risk for compromise, since the vulnerable software is commonly used in enterprise networks. This flaw also enables DNS poisoning attacks that redirect domain name requests to an attacker's server to capture confidential enterprise information.
Bot herders using Nirbot/Rinbot or Delbot, for example, can easily add new compromise techniques so that they can quickly take advantage of new zero-day flaws before patches are created and deployed. After successfully compromising machines using any of dozens of exploit techniques, bot herders use their unrestricted access to steal customer data and intellectual property and to perpetrate fraud. FireEye protects against these new compromise techniques without any updates or tuning, providing continuous protection against botnets and other malware.
About FireEye, Inc.
FireEye, Inc. is the leader in anti-botnet protection, enabling organizations to protect critical intellectual property, computing resources, and network infrastructure against bot infiltration. Today's most damaging attacks originate from and through highly organized botnets, or networks of remotely controlled, compromised machines. FireEye delivers a complete solution that is designed from the ground up to detect and protect organizations from botnets through global and local intelligence and analysis. The company is backed by Sequoia Capital, Norwest Venture Partners, and JAFCO. For more information, contact (408) 321-6300 or email: .
###