ZONEALARM CUSTOMERS PROTECTED FROM SONY ROOTKIT TROJAN
SAN FRANCISCO, Calif. – November 10, 2005: Zone Labs®, a Check Point® company (NASDAQ: CHKP), announced today that users of the award-winning ZoneAlarm® 6.0 line of Internet security solutions have, from day one, been proactively protected from the recently-reported rootkit packaged with select Sony music CDs and related threats, including a newly-launched Trojan attack that uses the Sony rootkit to hide within a PC.
The new Trojan, named Win32.Outsbot.V by Zone Labs antivirus partner Computer Associates (NYSE: CA), connects the compromised PC to an Internet chat relay server where it joins a bot net – a network of compromised computers used by hackers to launch denial of service attacks and distribute spam and other malware.
Unlike reactive antivirus solutions that took days to offer users a removal solution, ZoneAlarm’s vanguard OSFirewall™ proactively protected its users in advance by blocking the rootkit from gaining control of the PC prior to its installation.
"This new exploit is a classic example of why consumers need to be fully aware of all the software running on their PC. While we understand Sony’s need to protect its digital rights, compromising the security of their customers by using hacker-type technologies such as rootkits that create points of entry for actual hackers are not the answer," said Laura Yecies, general manager at Zone Labs and vice president at Check Point. "We are committed to creating technologies that prevent stealth software from being installed without the knowledge and consent of consumers."
Rootkits are cloaking technologies that hide files, registry keys, and other system objects from diagnostic and security software on a PC, and they are usually employed by malicious software writers attempting to keep their files hidden. In this case the rootkit, developed by First 4 Internet, ships on Sony CDs as part of its digital rights management software. Sony is leveraging the rootkit’s ability to hide the digital rights management software from users to deter them from bypassing or removing it. However, the presence of the rootkit invites exploits from hackers that can also be hidden.
Users who play Sony CDs on their PC have no way of knowing that the rootkit has been installed. However, users of Zone Alarm 6.0 premium products are alerted to the original installation of the rootkit and have the choice to stop the process. ZoneAlarm also allows a user to halt the rootkit when it attempts to launch. These multiple layers of security protect users against the rootkit install and any viruses, Trojans, worms or other attack methods written to take advantage of its cloaking ability.
Media interested in learning more about proactive technologies that protect consumers against rootkits and Trojans can contact Zone Labs PR at 415-633-4524 or firstname.lastname@example.org.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is the worldwide leader in securing the Internet. It is the market leader in the worldwide enterprise firewall, personal firewall and VPN markets. Through its NGX platform, the company delivers a unified security architecture for a broad range of perimeter, internal and Web security solutions that protect business communications and resources for corporate networks and applications, remote employees, branch offices and partner extranets. The company's ZoneAlarm product line is one of the most trusted brands in Internet security, creating award-winning endpoint security solutions that protect millions of PCs from hackers, spyware and data theft. Extending the power of the Check Point solution is its Open Platform for Security (OPSEC), the industry's framework and alliance for integration and interoperability with "best-of-breed" solutions from over 350 leading companies. Check Point solutions are sold, integrated and serviced by a network of more than 2,200 Check Point partners in 88 countries.
Zone Labs LLC
Anne Marie McCauley
Check Point Software Technologies
# # #
(c)2003-2005 Check Point Software Technologies Ltd. All rights reserved.
Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, DefenseNet, Eventia, Eventia Analyzer, Eventia Reporter, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartDefense Advisor, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, Triple Defense Firewall, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.