AVG Technologies recently acquired Exploit Prevention Labs and hasincorporated their LinkScanner technology into the AVG product linebeginning with Version 8.9Leveraging LinkScanner technologies, AVG gathers information about newand emerging threats — and the sources of those threats:• The Exploit Intelligence Network (EIN) is a global network of huntingpots, automated probes, search bots and human researchers thatperform continuous reconnaissance across the Internet to find new exploits and the websites that are luring unsuspecting users, as wellas those delivering both new and known exploits (including phishingwebsites).• The Community Intelligence Network (CIN) is a network of AVG userswho allow information about any attempted exploitation of theircomputers to be channelled back to AVG Research.The information gathered by this “neighbourhood watch on the web” isautomatically correlated and immediately fed back to AVG users in the formof updates, enabling AVG to protect against new threats within minutes oftheir discovery. Furthermore, as AVG blocks users from accidentally visitingwebsites that are known or suspected delivery agents for malware, it is notlimited to blocking only known threats — by blocking the sources ofmalware, it can also block unknown and undiscovered threats. The entireprocess — from exploit discovery to update release — is completelyautomated and transparent to ensure that AVG is able to protect its userswithin the shortest period of time.While this may all sound simple, the underlying technology is actuallyextremely complex. AVG Search-Shield and Surf-Shield componentsanalyse all the traffic passing through port 80 — the port through whichcomputers connect to the Web. The real benefit of this approach is that

exploits are blocked before they even reach the computer.

AVG’s real-time scanning has a distinct advantage over static, databasebasedblocking methods, such as that used by McAfee SiteAdvisor.SiteAdvisor alerts its users to the fact that a website is bad by checkingagainst a database of known bad websites. To find bad websites, McAfeesearch bots crawl the Web looking for websites that are delivering orhosting malicious content — and any that are found are added to itsdatabase. But malware authors know that this happens and so attempt to10hide from the search bots by configuring their websites to only drop theirmalicious payloads on certain visitors or at certain times of the day. As aresult, a website can infect a large number of machines before SiteAdvisorcan detect — and warn its users about – the hostile content the website isintermittently serving up. AVG, on the other hand, inspects all content inreal-time — as it being delivered — and so is completely immune to suchsubterfuge. Database-based blocking methods can also harm businesses.In a number of cases, legitimate websites that have been hacked havecontinued to be blocked by both SiteAdvisor and Google long after theproblem was remedied — and for a business that relies on the Web for itscustom, that approach could spell disaster.Threats are evolving more rapidly than ever before. Each and every day,thousands of new and varied exploits emerge and are pushed out by anever-changing number of websites. By constantly searching the Web fornew exploits and new sources of exploits, AVG is able to provide up-to-theminuteprotection against the very latest threats, as soon as they arediscovered — sometimes even before they are discovered. 

Tags: community intelligence, exploits, intelligence network, Malware, reconnaissance