After the massive press announcement of the availability of the mshtml!CDoc::SetMouseCapture exploit in Metasploit (see: http://www.heise.de/security/meldung/Exploit-fuer-ungepatchte-Internet-Explorer-Luecke-1970621.html [Website in German]) I am wondering if there's a list of malware exploits the MWG AntiMalware module will "reliably" protect us from?
And yes: I'm aware of code obfuscation and polymorphism in malware.... That's the reason I'm asking for a list of attacks that MWG can avert *reliably* (due to their nature, etc.)
Thanks a bunch!
BTW: We're on 126.96.36.199 still, if that matters...
I wouldn't expect such a list to exist since I can't imagine anyone wanting to be curating such a list. And I don't expect any vendor of a network appliance to want to be in a public facing role of testing every new exploit framework payload with all available evasion techniques tried against an existing product... as it'd be a depressing task. I have to imagine vendors clueful enough to be doing such self efficacy testing would want to keep that sausage making process behind the factory door. Going public with the results of such when no other vendors are doing so would just lead to competitive disadvantage.
That all said though, one of the biggest bangs web gateway can do for ya that doesn't involve anti-malware... if you can get buy-in, block all Java filetypes, extensions, and user agents at the gateway except for a whitelist of sites your business has a legit business need to access Java components from.
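
The decision logic behind the Java-blocking suggestion above, as an added Python sketch that is not part of the thread and is not MWG rule syntax. The extension list, MIME types, `java/` User-Agent token, host names and function names are all assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Assumed indicator sets (not from the thread): common Java extensions,
# MIME types and the User-Agent token the Java runtime sends.
JAVA_EXTENSIONS = (".jar", ".class", ".jnlp")
JAVA_MIME_TYPES = {
    "application/java-archive",
    "application/x-java-archive",
    "application/x-java-applet",
    "application/x-java-jnlp-file",
    "application/java-vm",
}
JAVA_UA_TOKEN = "java/"

# Constructed allowlist of hosts with a business need for Java content.
ALLOWED_HOSTS = {"payroll.example.com", "vendor.example.net"}


def host_allowed(host, allowed=ALLOWED_HOSTS):
    """True for an allowlisted host or a subdomain of one (label-aligned)."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def java_indicators(url, user_agent="", content_type=""):
    """Return the list of reasons this transaction looks like Java traffic."""
    reasons = []
    path = urlsplit(url).path.lower()  # path only, so ?query does not hide .jar
    if path.endswith(JAVA_EXTENSIONS):
        reasons.append("extension")
    mime = content_type.split(";", 1)[0].strip().lower()  # drop parameters
    if mime in JAVA_MIME_TYPES:
        reasons.append("content-type")
    if JAVA_UA_TOKEN in user_agent.lower():
        reasons.append("user-agent")
    return reasons


def decide(url, user_agent="", content_type=""):
    """Block Java traffic unless the destination host is allowlisted."""
    reasons = java_indicators(url, user_agent, content_type)
    host = urlsplit(url).hostname or ""
    if reasons and not host_allowed(host):
        return ("BLOCK", reasons)
    return ("ALLOW", reasons)
```

Checking all three indicators matters because a renamed file still carries a Java content type or is fetched by the Java runtime's own user agent, and the label-aligned host match keeps a lookalike such as `evilpayroll.example.com` off the allowlist.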