<?xml version="1.0" encoding="utf-8" ?><rss version="2.0" xml:base="http://www.messagingnews.com/taxonomy/term/164/all" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>FireEye</title>
    <link>http://www.messagingnews.com/taxonomy/term/164/all</link>
    <description></description>
    <language>en</language>
          <item>
    <title>FireEye Releases Next Gen Email Security Appliance</title>
    <link>http://www.messagingnews.com/short-takes/fireeye-releases-next-gen-email-security-appliance</link>
    <description>&lt;p&gt;&lt;a href=&quot;http://www.fireeye.com/&quot; target=&quot;_blank&quot;&gt;FireEye&lt;/a&gt;, Inc., purveyors of next-generation Malware Protection Systems (MPS), launched their FireEye Email Malware Protection System at the RSA Conference today. The solution was developed to stop targeted email attacks, known as spear-phishing, to prevent malware-induced network breaches and data theft. With the launch of the Email MPS, enterprises and government agencies can protect data and networks from recurring Modern Malware infections and advanced persistent threats (APTs) that attack using malicious email content and attachments. FireEye says that this is the first available email security solution that provides real-time analysis of embedded URLs and attachments for targeted, socially engineered attacks.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;“The Email MPS represents a new generation of messaging security protecting against email attacks using malicious URLs and attachments exploiting zero-day vulnerabilities,” said Ashar Aziz, CEO, CTO and Founder of FireEye. “FireEye&amp;#8217;s integrated MPS solutions protect organizations across the Web and Email attack vectors. Customers now have the most comprehensive protection against the Modern Malware used to conduct cybercrime, cyber espionage, and cyber reconnaissance&amp;nbsp;attempts.”&lt;/p&gt;
&lt;/blockquote&gt;
&lt;h3&gt;Highly Scalable, Accurate, and Effective Spear Phishing&amp;nbsp;Security&lt;/h3&gt;
&lt;p&gt;FireEye’s new Email MPS features the Real-time Attachment and URL Analysis engine that evaluates emails for zero-hour malware using virtual machines that run a cross-matrix of operating systems and applications, such as various web browsers and plug-ins. This dynamic analysis enables FireEye to detect and stop spear phishing email attacks aimed at known and truly unknown OS and application vulnerabilities. With global data from the FireEye MAX Cloud Intelligence network, customers get the latest security content about malicious attachments targeting zero-day vulnerabilities, malware callback channels, and URL blacklist updates. The incorporation of real-time, dynamic analysis coupled with global security content enables customers to stop the email-borne Modern Malware infection cycle. With blended attacks using email and the Web on the increase, it is critical to have a zero-hour, signature-less malware protection engine to analyze links in email as well as file attachments, such as PDF documents, Microsoft Office® files, multi-media content, and other file&amp;nbsp;formats.&lt;/p&gt;
&lt;p&gt;The FireEye Email MPS is designed to be an easy-to-deploy appliance that requires no tuning and deploys as an MTA (Message Transfer Agent), SPAN device, or as a BCC destination. The FireEye solution deploys behind existing email control points like antispam gateways. The new Email MPS family comprises the Email MPS 8000 Series for high email volume environments and the Email MPS 5000 Series for mid-to-large email&amp;nbsp;volumes.&lt;/p&gt;</description>
     <comments>http://www.messagingnews.com/short-takes/fireeye-releases-next-gen-email-security-appliance#comments</comments>
 <category domain="http://www.messagingnews.com/category/authors/melisa-labancz-bleasdale">Melisa LaBancz-Bleasdale</category>
 <category domain="http://www.messagingnews.com/email-security">Email Security</category>
 <category domain="http://www.messagingnews.com/antimalware">Antimalware</category>
 <category domain="http://www.messagingnews.com/tag/advanced-persistent-threat">Advanced Persistent Threat</category>
 <category domain="http://www.messagingnews.com/tag/apt">APT</category>
 <category domain="http://www.messagingnews.com/tag/tags/fireeye">FireEye</category>
 <category domain="http://www.messagingnews.com/tag/tags/phishing-attacks">phishing attacks</category>
 <category domain="http://www.messagingnews.com/tag/tags/protection-engine">protection engine</category>
 <category domain="http://www.messagingnews.com/tag/tags/security-appliances">security appliances</category>
 <category domain="http://www.messagingnews.com/tag/tags/zero-day-attacks">zero-day attacks</category>
 <pubDate>Mon, 14 Feb 2011 22:58:34 +0000</pubDate>
 <dc:creator>Melisa LaBancz-Bleasdale</dc:creator>
 <guid isPermaLink="false">30463 at http://www.messagingnews.com</guid>
  </item>
  <item>
    <title>Mega-D/Ozdok Botnet Take Down</title>
    <link>http://www.messagingnews.com/story/mega-dozdok-botnet-take-down</link>
    <description>&lt;p&gt;At the time the McColo ISP went down a year ago, Ozdok
a.k.a. Mega-D became the biggest of the spam botnets, and ever since has
remained in the top 10 of spam bots. Earlier this month, researchers at
&lt;a href=&quot;http://www.fireeye.com&quot;&gt;FireEye, Inc.&lt;/a&gt; decided to attempt a take down of&amp;nbsp;Mega-D. &lt;/p&gt;
&lt;p&gt;“Our research team researched this particular botnet and
after weeks of data analysis, on November 3 they came out with the information
on the command and control locations, the IP addresses, and all the background
detail,” explains Phillip Lin, director of marketing for FireEye. Armed with
the data and encouraged by the success of its role in the take down of the
Srizbi botnet and shut down of McColo, the FireEye researchers reached out into
the messaging&amp;nbsp;community.&lt;/p&gt;
&lt;p&gt;“We did what we considered to be the right thing,” continues
Lin. “Which was to submit it to the abuse departments of various organizations
saying, ‘Hey, if you didn’t know, you’re hosting some bad stuff.’ As it turned
out, probably because of the coverage we received last year from the Srizbi bot
and McColo, the abuse departments responded fairly quickly and made it a more coordinated&amp;nbsp;effort.”&lt;/p&gt;
&lt;p&gt;Those actions included taking down domain names, cutting off
the command and control servers, and hosting providers actually shutting off
machines. “What effectively ended up happening was, as of the 6th, the botnet
was turned&amp;nbsp;off.”&lt;/p&gt;
&lt;p&gt;According to Lin, FireEye estimates there were about 246,000+
live/active bots in Mega-D. He notes that, “Many bots stay dormant if the
cybercriminal operator doesn’t light them up. Based on our stats, the top Geo
breakdowns of where the bots were located were Brazil with 11.5 percent; India
with 11.0 percent; Viet Nam with 10.9 percent; Russian Federation with 5.2
percent; and Mexico with 3.6&amp;nbsp;percent.”&lt;/p&gt;
&lt;p&gt;In its blog, &lt;a href=&quot;http://www.symantec.com/connect/blogs/mega-d-aka-ozdok-crippled&quot;&gt;MessageLabs Intelligence&lt;/a&gt; commends FireEye’s work, stating: “It seems their actions have been very
successful indeed, as our monitoring shows a huge decline in this previously
prolific botnet&amp;#8217;s activity.” The MessageLabs blog also offers a graph showing a
dramatic plummet of Mega-D unique IP addresses on the 4th and the days that&amp;nbsp;follow.&lt;/p&gt;
&lt;p&gt;Lin says that FireEye was pleased with the response to its
research and to work with others to confirm its findings: “We felt like the
community is finally getting to the point where they understand the scale of
the problem, and can see the effectiveness of doing a coordinated shut down of
a botnet.” Lin also felt it was acknowledged that “FireEye is a reputable
player, and that you can trust our data. We have been working back and forth
and hopefully we will have an even quicker process in the future, but it takes
weeks of research to dig up all the different&amp;nbsp;pieces.”&lt;/p&gt;
&lt;p&gt;The latest news on the take down comes from a blog by Todd
Rosenberry, FireEye Malware Intelligence Lab, where he writes that the botnet
has been contained for over a week, and that moving forward
&lt;a href=&quot;http://shadowserver.org/wiki/&quot;&gt;Shadowserver&lt;/a&gt;, the all-volunteer watchdog
group, will take over monitoring the&amp;nbsp;botnet.&lt;/p&gt;
&lt;p&gt;To follow the adventures of the FireEye team and learn more,
&lt;a href=&quot;http://blog.fireeye.com/research/&quot;&gt;read the researchers’ account&lt;/a&gt;.&lt;/p&gt;</description>
     <category domain="http://www.messagingnews.com/author/stephanie-jordan">Stephanie Jordan</category>
 <category domain="http://www.messagingnews.com/email-security">Email Security</category>
 <category domain="http://www.messagingnews.com/botnet-detection">Botnet Detection</category>
 <category domain="http://www.messagingnews.com/tag/tags/fireeye">FireEye</category>
 <category domain="http://www.messagingnews.com/tag/tags/mega-d">Mega-D</category>
 <category domain="http://www.messagingnews.com/tag/tags/messagelabs">MessageLabs</category>
 <pubDate>Thu, 19 Nov 2009 09:03:48 +0000</pubDate>
 <dc:creator>Stephanie Jordan</dc:creator>
 <guid isPermaLink="false">7013 at http://www.messagingnews.com</guid>
  </item>
  </channel>
</rss>

