18 January 2010
MILPITAS, Calif.—January 18, 2010—FireEye, Inc., the leader in modern malware protection systems, confirmed that the FireEye Analysis & Control Technology (FACT) engine has provided pre-emptive protection to enterprise, federal, and higher education customers against the current Internet Explorer (IE) zero-day vulnerability (see Microsoft Security Advisory 979352). FireEye provided protection from this sophisticated and targeted zero-day attack without any changes or content updates to the product. As the broad implications of the 'Operation Aurora' attacks were disclosed, FireEye worked with customers to determine whether they had been singled out. In several cases, it was confirmed that 'Operation Aurora' had indeed targeted their network and that the FireEye security technology had identified the IE malware attacks, the same attacks recently disclosed as targeting high-profile technology companies.
At multiple production sites, FireEye and its customers established that attempts had been made to exploit the IE zero-day vulnerability. Real-time detections were made in the FACT engine without any new rules or post-mortem analysis to manually develop security content. Within the FireEye virtual machine analysis environment, dropper malware was found to install and subsequently download a Hydraq Trojan payload. Hydraq then established an outbound connection to command-and-control servers, giving the cyber criminals behind the attack full administrative access to the end system, including but not limited to manipulating files and processes, installing new malware, disabling auto-patching, and even uninstalling endpoint security. The IE zero-day exploit has now been documented and made publicly available.
"Despite having traditional network security and antivirus widely deployed, 'Operation Aurora' was able to breach dozens of major corporate networks using sophisticated techniques, such as code obfuscation and a zero-day application vulnerability," said Marc Maiffret, chief security architect at FireEye. "Modern malware employs such a wide range of exploits and evasion tactics that it has made traditional security technologies obsolete. FireEye's real-time, multi-protocol content analysis within virtual machines is proving to be the only integrated defense able to accurately identify zero-day attacks."
FireEye network security appliances protect customers against zero-day attacks through advanced malware analysis across multiple protocols, including but not limited to HTTP, IRC, FTP and SMTP. Conducting deep packet inspection via highly instrumented virtual machines, the FACT engine is able to identify both previously infected machines and systems under attack. Organizations that are concerned they may have been attacked or are at risk of being targeted should contact FireEye for a network security review.
"The reality is these cyber attacks are regular occurrences in today's Internet threat landscape. However, 'Operation Aurora' represents a clear escalation of the use of custom, targeted malware against enterprises," said Ashar Aziz, CEO & Founder of FireEye. "It is critical that company executives recognize the threat posed by highly sophisticated modern malware, whether you call them botnets, Trojans, worms, or viruses."
FireEye customers benefit from the combination of next-generation malware protection and an extensive malware intelligence network to enhance their overall cyber security infrastructure. FireEye's network security appliances deploy quickly, filling the security gaps in traditional antivirus, intrusion detection and secure Web gateways to protect against targeted attacks such as 'Operation Aurora.'
About FireEye, Inc.
FireEye, Inc. is the leader in malware protection systems, enabling organizations to protect critical infrastructure, intellectual property, and networks against Web malware and botnet infiltration. The FireEye Malware Protection System is a next-generation malware analysis platform featuring the network use of transparent virtual machines to uncover zero-day malware, botnets, and targeted attacks that circumvent today's technologies such as intrusion prevention systems, antivirus, and URL filters. By essentially eliminating false positives, FireEye re-defines effective network security. The company is backed by Sequoia Capital, Norwest Venture Partners, JAFCO, SVB Capital, DAG Ventures, and Juniper Networks. For more information, contact (408) 321-6300 or email: info@fireeye.com. Visit us at www.FireEye.com.
###