Advisory: Blue Coat Secures Against IE Redirection Threat and JS/Scob Trojan

Threat Exhibits Spyware Characteristics and Transmits Confidential Data from

User Desktops

Jun 25, 2004, 01:00 ET from Blue Coat Systems, Inc.

    SUNNYVALE, Calif., June 25 /PRNewswire-FirstCall/ -- Blue Coat(TM)
 Systems, Inc. (Nasdaq:   BCSI), a leading provider of proxy appliances, today
 announced that its ProxySG(TM) and ProxyAV(TM) appliances safeguard
 organizations from threats exploiting the recently discovered HTTP Redirect
 Vulnerability in Microsoft Internet Explorer (IE), including the JS/Scob
 Trojan.  This widespread vulnerability can allow hackers to take control of
 desktop computers and extract confidential information from corporate systems.
     A vulnerability has been discovered in Microsoft's Internet Explorer,
 which fails to assess the security attributes of a Web page being served by an
 infected Web server.  This vulnerability allows an attacker to execute code
 within the "Local Machine Zone" security domain on desktop computers (a
 security setting treated with a high-level of trust because it assumes only
 content on the user's machine is being accessed).  The vulnerability is
 currently being exploited by the JS/Scob Trojan, also known as Download.Ject,
 which communicates from infected desktop computers to a malicious Web server.
 It then downloads spyware that can transmit confidential information, such as
 financial data and passwords, to the malicious source outside the network.
 Future variants could download other types of malicious code.
     Blue Coat proxy appliances are designed to provide a secure layer between
 users on the network and the Web.  Using Blue Coat, organizations can
 safeguard against threats that exploit vulnerabilities in IE Web browsers.
 Blue Coat's solution is uniquely capable of mitigating this IE vulnerability,
 and preventing a Web server from loading malicious code on a desktop computer,
 because of its comprehensive visibility and control over the Web channel.
 Blue Coat provides protection on multiple layers:
     1.  Blue Coat's ProxySG appliances are capable of reviewing all incoming
 response headers for location requests, and blocking those that are invalid.
     2. The ProxySG directs Web content susceptible to virus infection to the
 ProxyAV appliance, where the JS/Scob remote access Trojan can be detected and
 deleted.  This provides a signature-based layer that complements the ProxySG's
     3. The ProxySG acts as a "middle-man" between users on the network and
 Internet to terminate any unauthorized attempted communication of confidential
 information.  This further mitigates risks if the Trojan already exists on any
 desktop computers.
     4. The ProxySG also supports blocking by "user-agent type" to restrict the
 use of browser versions that are subject to this vulnerability.
     5. As an added measure, the ProxySG appliance enables administrators to
 explicitly block known Web sites or files that contain malicious code.
     Blue Coat recommends that customers reference the Technical Brief titled
 "Addressing IE Vulnerabilities" located at for more
 instructions on configuring its ProxySG appliances to avert the threats posed
 by IE vulnerabilities.  Those interested in learning more about the benefits
 of proxy appliances should also visit for information.
     About Blue Coat Systems
     Blue Coat enables organizations to keep "good" employees from doing "bad"
 things on the Internet.  Blue Coat wire-speed proxy appliances provide
 visibility and control of Web communications to address today's new business
 risks -- such as inappropriate Web surfing, viruses brought in via back door
 channels such as instant messaging and Web-based email, and network resource
 abuse due to peer-to-peer (P2P) file sharing and video streaming.  Trusted by
 many of the world's most influential organizations, Blue Coat has shipped more
 than 18,000 proxy appliances.  Blue Coat is headquartered in Sunnyvale,
 California, and can be reached at 408-220-2200 or
     FORWARD LOOKING STATEMENTS:  The statements contained in this press
 release that are not purely historical are forward-looking statements,
 including statements regarding Blue Coat Systems' expectations, beliefs,
 intentions or strategies regarding the future, including the capabilities of
 the ProxySG and ProxyAV. All forward-looking statements included in this press
 release are based upon information available to Blue Coat Systems as of the
 date hereof, and Blue Coat Systems assumes no obligation to update any such
 forward-looking statements. Forward-looking statements involve risks and
 uncertainties, which could cause actual results to differ materially from
 those projected. These and other risks relating to Blue Coat Systems' business
 are set forth in Blue Coat Systems' most recently filed Form 10-Q for the
 quarter ended January 31, 2004, and other reports filed from time to time with
 the Securities and Exchange Commission.
     NOTE:  All trademarks, trade names or service marks used or mentioned
 herein belong to their respective owners.

SOURCE Blue Coat Systems, Inc.