attacks can lead to mail servers of legitimate organisations
getting blacklisted. By Ambarish Deshpande, regional
director India & SAARC, IronPort Systems.
viruses continue to proliferate with new insidious tactics
employed to penetrate networks. Increasingly, viruses
are programmed to wreak havoc and destruction, assume
identity, and defraud the public. New methods of delivery
are successfully eluding network administrators-rendering
viruses even more threatening than in the past.
typical virus outbreak averages $300 per desktop in IT
clean-up costs alone. Virus or spam in their earlier days
of invention were just a means to gain publicity and to
make the best use of free time as compared to today where
its more of a money making business. Email and attachments
are still the primary way of spreading harmful content.
Iron Port''s Threat Operations Center reports that in the
past 45 days, it has blocked 20 virus outbreaks
all of them quarantined before major anti-virus vendors
released a signature.
and viral threats are also becoming far more targeted.
We are seeing the rise of tailored Trojans aimed at customers
of specific banks, dubbed "spear phishing" attacks.
Of the email-based viruses that occur on a daily basis,
only few qualify for "virus outbreak" status.
For a virus to be classified as an outbreak, it must be
a new virus or a new variant of an existing virus, have
moderate significant damage potential and have a widespread
distribution system. The most recent virus outbreaks were
Trojan Variant, Worm_Locksky, Nymex-D, Bagle-GT, FeebDL-Q
a dangerous Trojan that was recently spammed out to hundreds
of thousands of email addresses, contained the subject
line "worth to see", "prices", "Hi",
or "Hello" was contained in a seemingly benign
zipped Microsoft Word document and therefore bypassed
almost all attachment filters.
soon as the document was opened the virus exploited Microsoft
Word vulnerability to install itself. Once installed,
the virus opened a backdoor that remote hackers can use
to take over the computer. Once taken over, hackers can
use the computer to send spam and host spy ware. Remote
hackers can also install key loggers and screen scrapers
onto the infected PC to steal personal, confidential and
financial information without the user''s knowledge.
worrying trend is the increase in the volume of misdirected
bounces that has grown 35 per cent since Q1, 2006. Misdirect
bounces make up 15.2 per cent of hostile email, or approximately
7 billion messages per day. These messages clog the email
systems of the forged domain owner, but never get delivered
to an end- user. This is becoming an emerging technique
for spammers to forge the end recipient''s email address
(as the return address), so that legitimate organisations
will bounce spam on to its final destination.
attacks can cause the mail servers of these legitimate
organisations to get blacklisted. Additionally, these
attacks may result in more spam getting through to end-users,
as legacy anti-spam solutions are forced to either accept
bounces coming from these sources or risk blocking other
legitimate email from these organisations.
preventive outbreak filter provides a first layer of defense
against new outbreaks in hours. It performs a threat assessment
of inbound and outbound messages and quarantine suspicious
messages temporarily. Later messages are automatically
released once signatures from traditional anti virus are
deployed. By detecting new outbreaks in
real time and dynamically responding to prevent suspicious
traffic from entering the network, the filters ensure
customer uptime and business continuity for hundreds of
of virus outbreaks in last 45 days: 20
Number of outbreaks VOF has caught before the major AV