Mirage Networks Stops New RINBOT Variant Worm Zero-Day with its Patented NAC Technology

Worm scans for and exploits Symantec vulnerabilities

AUSTIN, Texas—March 8, 2007—New variants of a worm spreading through Symantec clients continue to be stopped by Mirage Networks®, Inc.’s zero-day technology, the company announced today. The variants, which share many of the characteristics of the W32.spybot variants, open an Internet Relay Chat (IRC) backdoor on infected systems and commandeer the desktops into a botnet. Propagation vectors include file shares; scanning the network for a specific Symantec flaw, which the company has patched; and known Windows vulnerabilities. The worm has particularly impacted companies that have not been updated with the most recent anti-virus signature files.

Mirage Networks uses behavioral rules to detect when devices are spreading threats or violating company policies. These rules stop zero-day exploits even if, as in this case, signature files are either unavailable or have not yet been installed. Mirage surgically isolates the device in question, avoiding cross infection while enabling remediation, before allowing the device renewed access to network resources. This method stops damage from threats introduced onto the network by mobile computing, remote connections, and zero-day malware—complementing perimeter security solutions and giving organizations a more complete pre- and post-admission security defense infrastructure.

“Network behavior analysis excels at uncovering and isolating this type of server-specific threat,” said Greg Stock, president and CEO of Mirage Networks. “The fact that this worm was designed specifically to thwart Symantec anti-virus programs emphasizes why enterprises can not rely on a single approach to security. Mirage appliances work in concert with anti-virus software, anti- malware, firewalls, and operating system (OS) patches to implement a security fabric, ensuring blanket network protection. Our patented quarantining capabilities are able to detect and isolate this worm in its tracks with no need for signature updates.”

About Mirage Networks

Mirage Networks, Inc. is the leading provider of Network Access Control (NAC) solutions, including both pre- and post-admission security. The company's patented technology gives organizations control over unknown, out-of-policy, and infected devices resulting in increased network uptime, policy compliance and reduced operational costs. Mirage's NAC appliances work in all network environments, deploy out-of-band and require neither signatures nor agents to enforce policies and terminate zero-day threats. Based in Austin, Texas, Mirage Networks' Endpoint Control is a consistent winner of industry awards and recognition. Learn more at http://www.miragenetworks.com.

Contacts
Mirage Networks
Alison Guzzio, 610-925-2761
alison@inktankstrategic.com

© 2007, Mirage Networks, Inc. All rights reserved worldwide. Mirage Networks, its product and program names and design marks are trademarks of Mirage Networks, Inc.