Aladdin's eSafe Enterprise Traps New Version of Devastating Worm.ExploreZIP Without Virus Table Updates

Seattle, - December 1,1999- Aladdin Knowledge Systems (NASDAQ: ALDN), a global leader in the field of Internet content and software security, today announced its eSafe Enterprise and Desktop products will combat the new malicious MiniWorm.ExploreZIP virus without the need for time-consuming virus table updates. eSafe's offerings block potentially damaging activity by stopping unauthorized access to critical system areas, thus trapping viruses, vandals and worms from infecting the system and damaging files.

MiniWorm.ExploreZIP is a variant of the original Worm.ExploreZIP, which caused severe damage to PCs and networks in June of this year. MiniWorm.ExploreZIP contains all of the original destructive potential of the original. In addition to utilizing the Microsoft Outlook, Outlook Express, and Microsoft Exchange email programs to mail itself as a reply to received email, it will destroy any file with the extension .h, .c, .cpp, .asm, .doc, .ppt, or .xls on any hard drive or mapped network drive.

Aladdin's eSafe Enterprise and Desktop products both feature a patent-pending Sandbox module designed to protect against unknown malicious web and e-mail content. eSafe's Sandbox monitors the network or PC for malicious or inappropriate activity in addition to searching for signatures of recognized viruses and malicious content. When abnormal activity is detected, eSafe's Sandbox technology automatically blocks the action, preventing damage. Because eSafe proactively monitors all system activity, rather than scanning for pre-defined or recognized malicious code, it is able to stop viruses like MiniWorm.ExploreZIP without updates to existing virus signature tables.

The MiniWorm.ExploreZIP vandal (or worm, as it is commonly known) spreads as an attachment to email messages named "zipped_files.exe". When run, it will copy itself to the Windows\System directory with the filename "explore.exe", or a Windows directory with the filename "_setup.exe". The worm/virus then modifies the operating system so that it is executed each time Windows is started.

"A user will send an e-mail message to someone who is already infected with this new MiniWorm.ExploreZIP virus. The infected user's machine will automatically reply to you with a misleading e-mail message containing an attachment that, if opened, will infect you as well," said Eric Vasbinder, Product Line Manager for Aladdin Knowledge Systems. "Once the vandal is executed, it will infect your system. If you are using Microsoft Exchange/Outlook/or Outlook Express, it will try to e-mail itself automatically to every person who sends you an email message."

The MiniWorm.ExploreZIP virus has been compressed using a binary compression utility, allowing the vandal to execute normally with no manual decompression required. This also has the unfortunate effect of changing the vandal's appearance, allowing it to avoid detection by standard anti-virus software packages until new signature tables can be made. The original decompressed form of the vandal (Worm.ExploreZIP) is found only in the computer's memory.

"Aladdin's approach to security is revolutionary because it is both proactive and pragmatic. Long ago we recognized that customers could be infected by a new virus before their anti-virus company can post an update to their virus tables. eSafe's sandbox technology is just one of several proactive measures we've taken to reduce the need for up-to-the-minute updates of virus signature tables," said Kevin Gorman, President of Aladdin's Internet Security Unit in North America.

Each of the eSafe products, including eSafe Gateway™, eSafe Enterprise™ and eSafe Desktop™, are available for download and as shrink-wrapped products. eSafe Desktop is available free of charge from Aladdin's website for immediate protection against the MiniWorm.ExploreZIP virus.

About Aladdin

Aladdin Knowledge Systems (NASDAQ/NMS: ALDN) is a global leader in securing digital content, from applications software to Internet use and access. Aladdin's products include HASP and Hardlock, software security systems that protect the revenues of developers and publishers; Privilege, a software licensing platform for the Internet; the eSafe line of anti-vandal, anti-virus and content filtering software for PCs and networks connected to the Internet; and eToken for Internet security and authentication. Aladdin serves its customers through eight offices located in the world's major software markets as well as a network of 50 distributors serving more than 100 countries.