ZoneAlarm Home Check Point Home


Check Point browser virtualization technology defends consumers against new zero-day exploit

REDWOOD CITY, Calif., July 8, 2009 – Check Point® Software Technologies (Nasdaq: CHKP), the worldwide leader in securing the Internet, today announced that ZoneAlarm® ForceField technology, included in ZoneAlarm Extreme Security, protects consumers against newly discovered drive-by attacks associated with Microsoft DirectShow Video ActiveX Control vulnerability. The new attack has already compromised thousands of Web sites, which in turn infect visitors with malware and expose them to potential information theft. By placing a two-way "bubble of security" around the browser, ZoneAlarm Extreme Security with virtualization technology, once again, stops infected sites from being able to silently download malicious programs onto the victim's PC. Similarly, ZoneAlarm's virtualization technology successfully protects consumers against recent attacks such as Nine Ball or Gumblar.

The still unpatched vulnerability works as users visit or are discreetly redirected to either a malicious Web site or a legitimate Web site that has been infected with malicious code. The moment a user visits an infected site, JavaScript is automatically executed to deliver malicious software unknowingly to the user's computer, by way of an exploit that exists in Microsoft DirectShow video streaming software. The downloaded malicious software allows the attacker to gain the same user rights as the local user. These rights allow the attacker to download more malicious programs, redirect victim's Web searches, intercept information the user types, or steal files that reside on the victim's computer. This silent, unsolicited download is known as a drive-by download.

Users at risk for this drive-by download have either the Windows 2000 or XP operating system, or Windows server 2003. Users must also have the DirectShow Video ActiveX plug-in (msvidctl.dll), which is typically widely distributed among Windows users.

"Since the code for the vulnerability is available in-the-wild, meaning that many hackers could take the code and use it to launch an attack, this vulnerability has the likelihood to lead to widespread use in a short amount of time," said Ben Khoushy, vice president of endpoint products for Check Point. "Through Check Point's virtualized browser, these types of attacks are contained in a bubble of security the moment they surface, and often days before anti-virus programs are able to stop the same attacks. That is why Check Point's ForceField technology is so critical in today's Web-based threat environment."

ZoneAlarm Extreme Security successfully prevents drive-by downloads from damaging users' PCs or stealing their information through its unique virtualization technology. This technology is able to identify any downloads that the user doesn't know about or invite. ForceField redirects the drive-by download to a "sandbox" where the download remains trapped and cannot harm the operating system. In addition, the antivirus included in ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite and ZoneAlarm Extreme Security has now been updated to detect and remove the drive-by downloads known to be emanating from this attack, assuming consumers have the latest antivirus updates. For more information or to download ZoneAlarm Extreme Security please visit

About Check Point Software Technologies Ltd.

Check Point Software Technologies Ltd. (, worldwide leader in securing the Internet, is the only vendor to deliver Total Security for networks, data and endpoints, unified under a single management framework. Check Point provides customers uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to innovate with the development of the Software Blade architecture. The dynamic Software Blade architecture delivers secure, flexible and simple solutions that can be fully customized to meet the exact security needs of any organization or environment. Check Point customers include tens of thousands of businesses and organizations of all sizes including all Fortune 100 companies. Check Point's award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft.


Media Contact:
Mirka Janus
Check Point Software Technologies

Investor Contact:
Kip E. Meintzer
Check Point Software Technologies

©2009 Check Point Software Technologies Ltd. All rights reserved.