
Emergic CleanMail, weekly Email Security Report
March 21, 2005

Issue Preview
* ECM Email Security Update - Threat Statistics in India
* Top 5 Most Prevalent Viruses in India
* Latest Virus of the Week - W32MyDoom.BG@mm
* Email Security Alert - News of the Week

1. ECM Email Security Update - Threat Statistics in India
a) Junk mail accounted for 46.34% of all email intended for Indian users.

b) 40.91% of all mail originated from open relay servers, open proxies or zombie machines exploited worldwide.

2. Top 5 Most Prevalent Viruses in India
a) W32/Netsky.P@mm -- 49.79 %

W32/Netsky.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. The From line of the email is spoofed, and the Subject line and message body vary. The attachment name varies and has a .exe, .pif, .scr, or .zip file extension.

b) W32/Netsky.AK@mm -- 15.39 %

W32/Netsky.AK@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.

c) W32/Netsky.Q@mm -- 7.61 %

W32/Netsky.Q@mm is a mass-mailing worm that consists of two components: a dropper and a mass-mailing component. It uses its own SMTP engine to send itself to the email addresses it finds when scanning the disk drives. The From line of the email is spoofed, and its Subject line and message body vary. The attachment name also varies and has a .exe, .pif, .scr, or .zip file extension.

d) HTML.Phishing.Bank-1 -- 4.23 %

HTML.Phishing.Bank-1 is a trojan that steals personal information and spreads through emails.

e) W32/FunLove.4099 -- 3.88 %

W32.FunLove.4099 replicates under Windows 95/98/Me and Windows NT. It infects programs that have .exe, .scr, and .ocx extensions. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system, and it runs as a service on Windows NT systems.

f) Others -- 19.1 %

3. Emergic Virus of the Week - W32MyDoom.BG@mm
The latest mass-mailing worm uses its own SMTP engine to send itself to the email addresses that it collects from the PC it has infected. The worm then downloads PWSteal.Trojan onto the infected system. It sends an email message that contains a link to a website hosting a copy of itself.

This virus is considered low in the wild and has medium damage and high distribution capabilities.

A sample of the email message it sends to the email addresses found on the infected system is shown below.

From:
VirusAlert@symantec.com

Subject:
Virus Alert id: <5 digit random number>

Message:
You received this message as a valuable
Symantec.com member since September 23, 2003.

************************************************************
WARNING! Your computer was infected by VIRUS:
Worm.SomeFool.P

You can install this utility to remove virus
************************************************************

http://[domain removed]/FxAgentB.exe

The link in the message points to a website containing a copy of W32.MyDoom.BG@mm. Users are advised not to download any .exe or other executable file that arrives as a link in an email, even if the email appears to come from a trusted source.
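A mail gateway can apply this advice mechanically. The following is an added example, not part of the original report and not Emergic CleanMail's own filter: it flags attachments and body links whose names end in the extensions this report lists. The function name, the sample messages and the example.invalid domain are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Extensions this report names for Netsky attachments and the MyDoom.BG link.
RISKY_EXT = (".exe", ".pif", ".scr", ".zip")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def risky_items(raw_message):
    """Return sorted findings: ('attachment', name) or ('link', url)."""
    msg = message_from_string(raw_message)
    findings = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            findings.add(("attachment", name))
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:          # unknown charset label in the header
            text = payload.decode("latin-1")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,)")  # drop trailing sentence punctuation
            # Judge the path only, so "?file=a.exe" in a query does not match.
            if urlparse(url).path.lower().endswith(RISKY_EXT):
                findings.add(("link", url))
    return sorted(findings)

# Constructed message modelled on the sample above (placeholder domain).
SAMPLE = """From: VirusAlert@symantec.com
Subject: Virus Alert id: 12345

WARNING! Your computer was infected by VIRUS:
Worm.SomeFool.P

You can install this utility to remove virus

http://example.invalid/FxAgentB.exe
"""

# Constructed benign message: the link path does not end in a listed extension.
BENIGN = """From: news@example.invalid
Subject: Weekly report

Read it at http://example.invalid/report.html?file=a.exe.
"""
```

The spoofed From address plays no part in the decision, since the report notes that sender lines in these messages are forged.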

4. Email Security Alert : News of the week

What are spammers and virus authors up to?

Spammers are using virus-like methods to send out more and more spam. Leading computer security organizations have revealed a possible interconnection between spammers and virus writers and have reported that "Spammers and Virus writers have been working closely to further carry out their activity". A possible interconnection between different virus authors is also suspected. Virus authors are reportedly now sharing the source code of their worms and trojans and working together on a more dangerous attack. They have been coordinating through IRC channels and have been releasing lower versions of their experiments in the form of variations of the Mydoom and Netsky viruses. Concerns about a possible major outbreak of a new virus are being expressed globally, and email security companies are gearing up for the impact.

*Disclaimer: The statistics in this report are estimated on the basis of the mail traffic arriving at Netcore's Emergic CleanMail servers, with an average of 3 to 4 lakh mails hitting the servers daily. The statistics represent the mail traffic of Indian clients and do not represent the entire Indian mail traffic.

* No hardware or software required
* No upgrade costs
* No installation or maintenance hassles
* Only a simple DNS/MX change to enable
* No staff training is required
* Quicker to implement than a software solution
* Keeps spam and viruses away from the corporate network
* Reduces network bandwidth and storage
* Reduces legal liability
* Safely queues email if your server is down
* Platform independent
* Prevents email-borne denial of service attacks





© Netcore Solutions Pvt. Ltd.