FireEye Prevents Botnets from Exploiting Zero-Day Flaw

MENLO PARK, Calif., April 19 -- FireEye(TM), Inc. announced today that its FireEye Attack Confirmation Technology (FACT) stops botnets exploiting a zero-day flaw in Microsoft's Domain Name System (DNS) server. Microsoft has publicly acknowledged the DNS server vulnerability, but stated that there is no patch available currently. Thus, even enterprises who have installed the very latest patches are left defenseless. Bot herders are now actively exploiting this vulnerability to grow their botnets.

"Botnets are pervasive on the Internet and use zero-day vulnerabilities, such as Microsoft's DNS vulnerability, to grow their armies," said Ashar Aziz, CEO of FireEye. "Botnets enable theft of enterprises' customer data and intellectual property, and can be used to commit fraud and crime on a large scale. Enterprises should be very concerned about brand damage and legal liability due to botnets on their networks."

Antivirus and intrusion detection technologies fail to detect exploits using zero-day flaws, since they are unknown and no signatures exist for them. This lack of coverage is common, as signature-based technologies cannot keep up with the flood of malware variants created by a criminal underworld. In addition, anomaly detection technologies fail to detect many botnet exploits without burying administrators in false positives.

Without signature updates, behavioral tuning, or false positives, FireEye protects enterprise networks from botnets and other malware. The FACT engine confirms within victim virtual machines any attempt to exploit systems on the network. To protect enterprise DNS infrastructure, the FACT engine confirms the attempt to exploit the DNS service. FireEye's unique application of virtualization to network security addresses the rapid proliferation of botnets and other crimeware -- malicious software designed to steal intellectual property, customer information, employee identities and more.

Enterprises are particularly at risk for compromise, since the vulnerable software is commonly used in enterprise networks. This flaw also enables DNS poisoning attacks that redirect domain name requests to an attacker's server to capture confidential enterprise information.

Bot herders using Nirbot/Rinbot or Delbot, for example, can easily add new compromise techniques so that they can quickly take advantage of new zero-day flaws before patches are created and deployed. After successfully compromising machines using any of dozens of exploit techniques, bot herders use their unrestricted access to steal customer data and intellectual property and to perpetrate fraud. FireEye protects against these new compromise techniques without any updates or tuning, providing continuous protection against botnets and other malware.

About FireEye, Inc.
FireEye, Inc. is a leader in network security, leveraging patent-pending virtualization technology within a network appliance to examine the impact of suspicious network traffic in an instrumented virtual environment. The result is an appliance-based approach that provides the most accurate, effortless attack detection and containment technology available. Founded in 2004 and headquartered in Menlo Park, California, FireEye is funded by Norwest Venture Partners and Sequoia Capital. For more information, call 650-543-1600, email or visit the FireEye Web site at

Source: FireEye, Inc.

CONTACT: Chris McManus of Trainer Communications, 718-832-9154, or, for FireEye, Inc.; or Elizabeth Hernandez-Jones of FireEye, Inc., 650-543-1863, or

Web site:
