EliaShim Ltd. has Identified Additional MicrosoftSecurity Holes in Microsoft Internet Mail and...

HAIFA, Israel--(BUSINESS WIRE)--March 7, 1997 -

EliaShim also announces its free fix, available for download at www.eliashim.com, for newly discovered security risk that threatens Microsoft users

EliaShim Ltd. today announced that it has identified another security breach in

In this newly discovered defect, malicious hackers can embed a harmful executable link (as a shortcut) within Microsoft newsgroup postings and in messages received through Microsoft's Internet Mail. The hostile links, placed innocuously within messages and often disguised as free demo opportunities, prey upon unsuspecting computer mail or newsgroup users by carrying out any number of harmful internal applications in the PC's hard drive. In addition to deleting desktop shortcut icons, hackers could potentially delete, format, extract and execute other damaging, illegal and vandalistic functions.

Microsoft's Internet Explorer, Mail and News areas are vulnerable because Microsoft's design does not form a distinction between internal and external applications. The hostile links are undetectable because they are, in fact, remote external desktop icons that carry out internal applications in the computer. When a user clicks on a hostile hyperlink, the user executes an internal command that can possibly render a substantial amount of damage to the computer.

As an illustration, a message with a .lnk or .url attachment can be sent by any user through Microsoft Mail. When the mail is received, a double click on the attachment will open it and automatically run the harmful executable. Coupled with the potentially damaging links that can be posted in Microsoft News newsgroups, hackers have discovered a serious security breach that puts Microsoft Mail and newsgroup users at substantial risk.

"This situation is a hacker magnet because the potential for harm is so much greater - reaching not only people using Microsoft's browser, but also through its email and newsgroup applications," said Matti Zinder, EliaShim's vice president of marketing. "In fact, we believe that this security breach will now create a new type of Internet vandalism: hostile mail spamming."

With IE-Safe, EliaShim's free solution that can be downloaded at its Web site, potential problems can be averted and solved. By separating the Internet domain from the PC or workstation domain, IE-Safe does not allow the execution of commands originating from external links. In particular, IE- SAFE is a small utility program that checks all references to shortcut files and disables their execution. IE-SAFE is based on the unique technology developed by EliaShim programmers and is used in the ViruSafe-WEB Anti- Virus Plug-in product. EliaShim's IE-SAFE solution is compatible with all International versions of IE as well as Internet Mail and News applications.

EliaShim Ltd. is the leading supplier of technologically innovative anti-virus and security software to the corporate and government sectors worldwide. It has been providing unique security software solutions to over 4 million customers worldwide, including major banks and financial institutions, Fortune 500 corporations and many others. EliaShim's advanced products, utilizing over 10 years of experience gained through cutting-edge developments, are centered on the individual PC user and provide state-of-the-art protection for PC's, Local Area Networks and the Internet. EliaShim's products will continue to be made available for the consumer market during 1997. EliaShim has subsidiaries in the U.S, Europe and Japan and a network of over 40 distributors worldwide. For product and pricing information, please call 1-800-477-5177.

CONTACT: Samantha Rubin

Connors Communications

212/807-7500

sam@connors.com

or

Peter Suciu

Connors Communications

212/807-7500

peter@connors.com