Eset Delivers Generic Patch for Microsoft Word Vulnerability; Eset NOD32 Antivirus Software Delivers First Heuristic Protection Against Future Attacks

Business Wire, May 22, 2006

SAN DIEGO -- Eset, a global provider of security software for enterprises and consumers, today announced its rapid response to the new zero-day exploit against Microsoft Word. After quickly identifying the dangers posed by the new vulnerability, Eset immediately developed the world's first proactive, generic protection against current and future exploits. As a result, Eset's NOD32 antivirus software enables users to safely use the popular word-processing application until Microsoft releases an official patch.

The malicious software is distributed via email as a Microsoft Word file attachment. When the document is opened by the user, the exploit passes through existing protection like a bullet and installs a Trojan on the host PC. While the existing exploits only targeted a specific organization, the malicious code presents opportunities for copycat activities, which could have a much more global and severe impact. Eset warns that a wave of malware variants based on this exploit is likely, citing a similar pattern for the Microsoft Windows Metafile exploit that was released in late December 2005. Within a few days of the initial exploit being reported, a massive spamming of malware occurred to download adware, spyware and other malware to users' PCs.

"This new vulnerability further emphasizes the need for proactive protection and detection of zero-day threats. NOD32's ThreatSense(R) detection is already protecting its users from future attacks," said Andrew Lee, chief research officer at Eset.

Engineers at Eset very quickly realized the danger that such an exploit poses to their customers, and were able to develop a solution that generically blocks any attempt to use this vulnerability. The success was confirmed by the independent testing labs AV-Test.org. Andreas Marx, AV-Test CEO, said "Eset was not only one of the first antivirus companies which had signatures in place to stop the already known attacks used by the Win32/GenWui Trojan, but they also had the first generic detection in place on May 21 around midnight (GMT). This effectively prevents all future malware attacks attempting to exploit this zero-day vulnerability in Microsoft Word."

As of early Sunday morning on May 21, 2006 (CET), Eset customers with ThreatSense(R) Update version 1.1551 are proactively protected against this vulnerability. Eset NOD32 Antivirus software automatically updates to the new version, requiring no action from end-users in most cases. Eset's patented ThreatSense technology leverages advanced heuristics to ensure NOD32 customers are already protected from Win32/Exploit.MSWord.Smtag Trojan, also known as Win32/GinWui, and future variants of attacks against this vulnerability. When the system detects new forms of malware, they are automatically blocked and rendered harmless.

Users without NOD32's award-winning protection against emerging threats can download a fully functional 30-day evaluation copy of NOD32 for free at http://www.eset.com/download/ to ensure protection against these exploits while Microsoft develops the patch.

About Eset

Founded in 1992, Eset is a global provider of security software for enterprises and consumers. Eset's award-winning, anti-threat software, NOD32, provides real-time protection from known and unknown viruses, spyware and other malware. NOD32 offers the smallest, fastest and most advanced protection available, with more Virus Bulletin 100% Awards than any other antivirus product (www.virusbulletin.com). Eset was named to Deloitte's Technology Fast 500 four years running, and has an extensive partner network, including corporations like Canon, Dell and Microsoft. Eset has offices in Bratislava, SK; San Diego, USA; Prague, CZ; Buenos Aires, AR; and is represented worldwide in more than 100 countries. For more information, visit www.eset.com or call 1 619-319-3000.