Aladdin Identifies Potential Mega Virus Related to JPEG Vulnerability

CHICAGO, November 15, 2004, – Aladdin Knowledge Systems, Ltd. (NASDAQ: ALDN) today announced it has identified a potential “mega virus’ stemming from the recent JPEG vulnerability. Aladdin content security specialists based in Haifa, Israel have pinpointed three scenarios that could lead to a wide-spreading virus affecting organizations around the globe.

Mr. Shimon Gruper, vice president of technologies for the Aladdin eSafe Business Unit, outlines three possible scenarios that could lead to an advanced exploitation of the JPEG exploit that began to strike in October:

1. Email Attachment — Emails with infected JPEG attachments may not be identified by desktop antivirus solutions because they rely on file extensions and MIME types to identify images.
2. Image on a Web Page — Most gateway security solutions do not inspect JPEG files in HTTP and FTP – if they do inspect these files, it significantly impacts performance. Links to the infected Web pages can also propagate in email worms, instant messenger worms, IRC worms, etc.
3. Email with a Linked Image — An attacker or spammer sends an email containing an HTML image link to a JPEG containing malicious code. The JPEG itself resides on a Web server and is automatically downloaded via HTTP when the email is viewed or previewed. The code is executed the moment the image is viewed or previewed in Outlook or Outlook Express.

It is important to note that infected images could reside not only on Web servers prepared by attackers, but also on previously infected computers which are now turned into slim Web servers or on infected Web servers. This is similar to Nimda and other worms that infected Microsoft IIS Web servers.

“Based on these possible scenarios, it is clear that a highly threatening new JPEG mega-worm mega virus could emerge in the near future,” Gruper said. “If executed correctly, this type of attack could cause massive damage across hundreds of thousands of organizations worldwide, matching or exceeding damages caused by the world’s worst previous viruses.”

Aladdin strongly recommends that organizations adopt the following six action steps to reduce the chance of this threat occurring:

1. Don’t rely on SMTP or internal mail server content inspection. A complete solution must be a gateway solution and must inspect HTTP and FTP in addition to SMTP.
2. Identification of JPEG files should not rely on extensions, or content type, to prevent spoofing.
3. JPEG files should be inspected packet-by-packet in real time to eliminate latency. Users should not have to wait until the entire file is downloaded and inspected by the proxy.
4. All parts of the JPEG file must be fully inspected before being released to the client. Solutions cannot rely on partially releasing non-inspected content.
5. The gateway solution must not pose any delays and timeouts or create any visible impact on users’ browsing experience — either when cached JPEG files are delivered or when new images are downloaded.
6. For hosted web sites that allow file uploads, inspect all uploaded JPEG files.

All organizations must also apply Microsoft security patches available from:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx.

To learn more, download Aladdin’s new Microsoft JPEG vulnerability and the Six New Content Security Requirements, visit: http://www.eAladdin.com/esafe/brochure-whitepapers.asp . For more information on this potential outbreak or to speak with Aladdin content security experts, contact Matthew Zintel of Zintel Public Relations at 310-574-8888 or matthew.zintel@zintelpr.com.

About Aladdin Knowledge Systems

Aladdin (NASDAQ: ALDN) is a leader in digital security, providing solutions for software digital rights management and Internet security since 1985. Serving more than 30,000 customers worldwide, Aladdin products include: the USB-based eTokenâ„? device for strong user authentication and e-commerce security; the eSafe® line of integrated content security solutions that protect networks against malicious, inappropriate and nonproductive Internet-borne content; and the HASP® family of hardware- and software-based products that flexibly protect, license and distribute software and intellectual property. Visit the Aladdin Web site at http://www.eAladdin.com.