Press Releases

January 30, 2004

Sleuth9 immediately stops MyDoom and other zero-day cyber attacks at the perimeter of the network

The intrusion prevention solution sits inline, invisibly, in front of the router to stop MyDoom and other blended attacks with its integrated gateway anti-virus functionality

DALLAS, TEXAS - DeepNines Technologies, the only company to offer a security platform that includes firewall, intrusion prevention and gateway anti-virus functionality in front of the router, today announced its Sleuth9 Security System instantly stops MyDoom, the blended threat and zero-day attack. MyDoom, also known as Novarg, clones itself by sending emails to addresses from address books and files with the following extensions: WAB, TXT, HTM, SHT, PHP, ASP, DBX, TBB, ADB and PL. Using its own SMTP engine, MyDoom also opens a backdoor and launches a Denial of Service (DOS) attack against www.sco.com and www.microsoft.com. Companies that have Sleuth9 deployed in front of the router are finding that approximately 1.5 out of every 10 emails are infected, and they are successfully blocking those emails at the perimeter, thus preventing MyDoom from impacting the network.

Companies with host-based anti-virus solutions cannot prevent this attack because this blended threat contains its own SMTP engine to construct outgoing messages and travels with a peer-to-peer propagation routine. Unlike host-based anti-virus solutions, Sleuth9 monitors all traffic, including peer-to-peer and SMTP traffic not necessarily traveling over port 25, and can instantly identify and block the traffic anomalies generated by MyDoom. With its patent-pending DOS prevention technology, Sleuth9 also eliminates the DOS payload and backdoors that MyDoom creates.

"New viruses like MyDoom and Mimail often attempt to send email messages using a built-in SMTP engine. These tactics bypass the normal SMTP host and any Anti-virus that it has," said Buz Dale, information security specialist for the University System of Georgia. "Scanning or blocking SMTP traffic at the perimeter may be the only way to prevent this kind of malicious traffic from leaving your network."

Sleuth9 stops MyDoom, along with other zero-day attacks, by inspecting all email at the perimeter before infections can penetrate the network. If the worm is detected, the malicious traffic is blocked and administrators are automatically notified. When an infected machine connects to the network and an infected email passes through Sleuth9, the system will automatically detect and stop the worm as well. With Sleuth9's ForensiX Capture System, IT professionals can access IP and other relevant traffic information to identify and eliminate security vulnerabilities related to MyDoom and other blended attacks.

"From MiMail, to Nachi, Bagel and now MyDoom, self-propagating worms and zero-day attacks continue to challenge traditional, desktop and host-based anti-virus security models," said Dan Jackson, DeepNines' president and COO. "The bottom-line is companies must put in place an integrated security solution at the perimeter of the network. Only DeepNines can arm organizations with an integrated security platform that sits inline, invisibly, in front of the router and includes firewall, intrusion prevention and gateway anti-virus functionality."

The Sleuth9 Security System is a proactive, intelligent, intrusion prevention and anti-virus solution specifically designed to stop complex, blended threats. Sleuth9 detects and automatically prevents cyber attacks from entering or leaving a network by forming a new perimeter of defense against DoS, DDoS, Trojan horses, self-propagating attacks, worms and viruses as well as other attacks launched from infected internal or external computers. Sleuth9 can be deployed at the perimeter of the network or in front of other likely targets such as web servers, mail servers, application servers, etc.

About Deep Nines Inc.

DeepNines offers a scalable security platform for Global 2000 companies with a vertical market focus in education, government, telecommunications, energy and financial services. The DeepNines Security Edge Platform™ integrates intelligent firewall, intrusion prevention, best-of-breed secure content management, forensics and reporting. It operates outside the network infrastructure, improving organizations' security "deep into the nines." DeepNines' Security Edge Platform, the company's patent-pending security system, is a fully automated signature and behavior-based, intrusion prevention and traffic management system preventing known and unknown attacks from entering an organization's network. The Security Edge Platform runs on Solaris and Linux platforms from Sun Microsystems. To learn more about Deep Nines visit www.deepnines.com.

©2005 Deep Nines, Inc., all rights reserved. DeepNines Technologies, Security Edge Platform, Security Edge System, Sleuth9 Security System, Sleuth9, ForensiX Capture System, Holistic Management Console, and Zero Footprint Technology are trademarks and/or registered trademarks of Deep Nines Inc. All other brands and products are trademarks and/or registered trademarks of their respective owners.

 


