eEye Digital Security Announces Discovery of Critical Security Flaw in Most Widely Deployed P2P Software Used in Japan

eEye Also Releases Multiple Free Tools to Detect and Monitor Winny P2P Software and Traffic

(ALISO VIEJO) April 21, 2006 — eEye Digital Security®, the leading developer of endpoint security and vulnerability management software solutions, as well as the industry’s foremost contributor to security research and education, today announced the discovery of a critical flaw related to the Winny Peer-to-Peer (P2P) software. This flaw has the potential to inflict serious damage, as it is remotely exploitable and allows an attacker to overwrite memory and execute code.

“For our Japanese customers, this flaw in the Winny application creates the potential for widespread attacks,” said Marc Maiffret, eEye’s co-founder and chief hacking officer. “This discovery continues a global trend in which consumer applications are serving as attack vectors within enterprise networks. This is a perfect example for the need for rigorous security policies, and their enforcement, via network security scanning, monitoring and comprehensive endpoint security that will allow enterprises to mitigate this growing threat.”

Enterprise networks in Japan are particularly vulnerable and should take immediate action to identify affected machines, as the likelihood that Winny is installed on their network is extremely high. Currently the most popular P2P software in Japan, Winny is a file-sharing application that claims to keep the identities of users secret. With hundreds of thousands of users, Winny is now being used as a distribution method for multiple forms of malware such as the Yamada and Antinny worms, both of which copy information from an infected user’s hard drive and upload this information to popular Internet bulletin boards, including 2Channel and others. eEye’s detailed advisory on this subject can be found here: http://www.eeye.com/html/research/advisories/AD20060421.html.

To combat this issue, eEye has released the Retina® Winny Scanner to remotely detect those machines running the P2P application, as well as the Retina Winny Monitor to detect and monitor network traffic using this software. Organizations interested in using eEye’s free scanning and monitoring tools can download them at https://sec.sse.co.jp/eeye/freedl.html (This is a Japanese language site hosted by our distribution partner, SCS).

Based on eEye’s award-winning Retina Network Security Scanner, the Retina Winny Scanner will scan every device on an enterprise network to determine whether a machine is running this software. Enterprises can also enumerate the Winny hosts in their networks by specifying the IP address range. eEye’s Retina Winny Monitor “sniffs” network traffic and detects Winny's command-0 packet (the initial key packet), logging the source and destination IP addresses when the command-0 packet is detected. The eEye Winny Monitor can then reset the TCP connection of the machine running this application, thus ending its network session.

eEye is committed to enhancing security for the Internet community and helping companies maintain a safe computing environment by offering the Retina Winny free scanning and monitoring tools to facilitate the discovery of machines running the Winny software. While these particular tools allow for quick auditing by searching for the Winny application specifically, the complete Retina product detects thousands of vulnerabilities to provide ongoing, comprehensive vulnerability assessments for any network without requiring administrative rights. For those interested in scanning corporate networks with Retina, an evaluation version is available for download on eEye's Website: www.eeye.com/Retina.

Over the last five years, industry experts have recognized eEye as the preeminent organization in the discovery of the most critical vulnerabilities in various platforms and applications, including the vulnerabilities subsequently leveraged by the Sasser, Witty and Code Red worms, as well as the Microsoft ASN vulnerability and hundreds of other important discoveries. This expertise gives eEye a distinct advantage in designing services and software solutions for the assessment, remediation and prevention of vulnerabilities and the attacks that leverage them.

Additionally, eEye already proactively protects its customers from the malware distributed via Winny with its Blink Endpoint Intrusion Prevention solution, allowing IT departments to scan and remove Winny from their networks according to regularly scheduled maintenance cycles. Blink does not require shutting down services or applications as a means of protection, thus allowing businesses to continue to function normally. The result is 100 percent protection, with zero downtime or impact to operations.

Unlike signature-based solutions, such as anti-virus or behavior-based solutions, current Blink customers aren't required to do anything to realize protection from the malware distributed by Winny, as no updates or policy changes are required. For those interested in protecting corporate systems with Blink, an evaluation version is available for download on eEye's Website: www.eeye.com/Blink.

About eEye Digital Security

eEye Digital Security® is pioneering a new class of security products: integrated threat management. This next generation of security detects vulnerabilities and threats, prevents intrusions, protects all of an enterprise’s key computing resources, from endpoints to network assets to web sites and web applications, all while providing a centralized point of security management and network visibility. eEye’s research team is consistently the first to identify new threats in the wild, and our products leverage that research to deliver on the goal of making network security as easy to use and reliable as networking itself. Founded in 1998 and headquartered in Orange County, California, eEye Digital Security protects more than 9,000 corporate and government organizations worldwide, including half of the Fortune 100. For more information, please visit www.eeye.com.

Primary Agency Contact

Victor Cruz
MediaPR
(508) 655-4397 eEye@mediapr.net

EMEA Agency Contact

Ralph Klöwer
INTERFACE Relations
+49 (0) 89-552 688-66 r.kloewer@interface.pr.de

Corporate Contact

Stacy Newman
eEye Digital Security
(949) 900-4131 press@eEye.com