• United States



And now for a popup message from a malware blocker

Feb 08, 20073 mins
Data and Information Security

Deb Radcliff, a veteran on the security beat and regular contributor to CSO, is attending the RSA Security Conference in San Francisco. She sent this dispatch:

Today, I met with the CEO and CTO of a company called Exploit Prevention Labs that looks to have some help for a big problem I’ve been writing about of late. The problem is that of infected or malicious Web sites dropping malware (key loggers, spamware, ad clickers, etc.) into browsers when a visitor simply touches the site.

According to statistics, somewhere between half and all of Mom and Pop sites are being hacked and used to do evil things to visiting computers. And it’s not just uneducated Mom and Pops. Enterprises are getting nailed this way, too, such as the case when a Circuit City Web page last year was used to install spambots, or  in the case reported on Friday about the Miami Dolphins’ site being used to redirect people to a password collector for a popular online game.

Exploit Prevention alerts users when links are suspected of being evil after it scans the link to make sure it doesn’t contain any of its database of known exploits. If users are dumb enough to go there anyway, it blocks them and tells them why.

They call this ‘definition-based exploit blocking.’

It shows you by popping up a warning when you’re about to click a bad link, or by posting a red star next to bad Web sites served up on a Web search list. This latter feature only works on Yahoo, MSN and Google search engines (it takes integration work to make the search results and warnings render correctly). And it only works with Windows, and only on IE and Firefox browsers.

But it’s a start at stopping the proliferation of malware through infected or purposefully malicious Web sites. And it might turn out as well for this little company as it did for Pest Patrol, which started as a consumer product, the first to make it easy for average Joe users to block spyware before antivirus companies even knew what the stuff was, says Roger Thompson, CTO.

Chris Weltzen, CEO, says an enterprise product, centrally managable, should be out by end of Q3. The question, he says, is do they build or partner with a complimentary company to add the management component?

“That’s one of the reasons we’re here,” he says. “We’re here scouting.”

It may also be they’re scouting for acquisition partners as well.  As we’ve seen with the anti-spyware companies (most of which have been acquired, including Pest Patrol), it’s hard to stand alone.

Editor’s note: Radcliff also serves as director of publishing and field research for The Security Consortium, a vendor-neutral product testing company in San Jose.