does mbae stop this?

[blackdove83]

http://labs.bromium.com/2014/02/21/the-wild-wild-web-youtube-ads-serving-malware/

Been using mbae 0.9.5.1000 and i was wondering if it covered the specific exploit used there.

It lists the CVE in that article. Thank you for mbae and any assistance in advance.

I guess youtube is no longer safe

P.S. im also using EMET 4.1 with maximim security and deep hooks enabled.

[blackdove83]

Edit. Since that was discovered in february i might have had a previous version but im not positive when the campaign was started.

[pbust]

Yes, MBAE would stop this. Also MBAE is vulnerability-agnostic as well as payload-agnostic, so it really doesn't matter to us which CVE it is and whether it's a known or unknown CVE. We look at the exploit techniques used and block based on that (i.e. no signatures).

[David H. Lipman]

MBAE is vulnerability-agnostic as well as payload-agnostic,

Love the verbiage !

 

I'll have to remember it.

[pbust]

As an example MBAE would stop the calculator from executing via an exploit technique whereas a traditional AV/AM security product would consider that an FP because the calculator is not malicious. But to MBAE what matters is HOW it is being delivered rather than WHAT is being delivered.

[John L. Galt]

Agreed with David - excellent verbiage, and a great explanation in layman's terms after that.

 

I'm bookmarking this post.

[blackdove83]

Thank you for the information pbust.

[ritchie58]

I agree! Very good explanation, without all the technical jargon, on how A-E is doing it's job protecting us! This would be a great link to show someone that might be interested in also testing A-E. On that subject, I posted a topic in our forum about the pending non-support issue for XP users and the conversation led to Anti-Exploit and how that could very useful for folks that want to continue using this platform after April. http://forum.immunet.com/index.php?/topic/2525-do-you-use-windows-x-p-read-this/

[pbust]

Nice post, thanks ritchie!!