Emergic CleanMail, weekly Email Security Report
April 4, 2005
Issue Preview
* ECM email security Update - Threat Statistics in India
* Top 5 Most Prevalent Viruses in India
* Latest Virus of the Week - W32.Mytob.AA@mm
* Email Security Alert - News of the Week
1. ECM email security Update - Threat Statistics in India
a) Junk mail in corporate India is at an all-time high and accounted for 71.65% of total mail.
b) 64.67% of all mail originated from open relay servers, open proxies or zombie machines exploited worldwide.
2. Top 5 Most Prevalent Viruses in India
a) W32/Netsky.P@mm -- 33.73 %
W32/Netsky.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into shared folders. The From line of the email is spoofed, and its Subject line and message body vary. The attachment name varies and has a .exe, .pif, .scr, or .zip file extension.
b) W32.MyDoom.BG@mm -- 19.97 %
A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it collects from the infected PC. The worm then downloads PWSteal.Trojan onto the infected system. It sends an email message that contains a link to a website hosting a copy of itself. This virus is rated low in the wild, with medium damage and high distribution capabilities.
c) HTML.Phishing.Bank-1 -- 9.96 %
A trojan that steals personal information and spreads through email.
d) W32.FunLove.4099 -- 7.37 %
W32.FunLove.4099 replicates under Windows 95/98/Me and Windows NT. It infects programs that have .exe, .scr, and .ocx extensions. What is notable about this virus is that it uses a new strategy to attack the Windows NT file security system, and it runs as a service on Windows NT systems.
e) W32/Netsky.Q@mm -- 4.41 %
A mass-mailing worm that consists of two components: a dropper and a mass-mailing component. It uses its own SMTP engine to send itself to the email addresses it finds when scanning the disk drives. The From line of the email is spoofed, and its Subject line and message body vary. The attachment name also varies and has a .exe, .pif, .scr, or .zip file extension.
f) Others -- 24.56 %
3. Latest Virus of the Week - W32.Mytob.AA@mm
W32.Mytob.AA@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm can also open a back door, and it spreads through the network by exploiting common system vulnerabilities.
4. Email Security Alert: News of the Week
"Sender Authentication Used to fool spam defenses"
Spammers are using the very technology that was developed to prevent mail with spoofed sender addresses. About one in seven spam messages uses Sender ID or Sender Policy Framework (SPF) to bypass anti-spam defenses.
Sender ID and Sender Policy Framework are two schemes that, while not universally adopted, aim to slow down the use of bogus sending addresses by linking the real sending server with the message. The server on the receiving end can compare the incoming mail with the published Sender ID/SPF record to determine whether the message actually originated from its stated domain.
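The following Python sketch is an added example, not part of the original report. It shows the receiving-side comparison described above and why an SPF pass cannot be read as "not spam": a spammer's own domain with a valid record passes too. The domains, addresses, reputation values and threshold are constructed for illustration, and only the ip4, ip6 and all mechanisms are evaluated.

```python
import ipaddress

# Constructed SPF TXT records, using documentation domains and address ranges.
SPF_RECORDS = {
    "bank.example": "v=spf1 ip4:192.0.2.0/24 -all",
    # A domain the spammer registered, with a perfectly valid record.
    "bulk-offers.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Hypothetical per-domain reputation adjustments and spam threshold.
DOMAIN_REPUTATION = {"bank.example": -2.0, "bulk-offers.example": 3.0}
SPAM_THRESHOLD = 5.0


def spf_result(domain, client_ip, records=SPF_RECORDS):
    """Evaluate the ip4, ip6 and all mechanisms of a published record."""
    terms = records.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def naive_score(content_score, spf):
    """Weak setting: any SPF pass is treated as a sign of legitimacy."""
    return content_score - 3.0 if spf == "pass" else content_score


def reputation_score(content_score, spf, domain):
    """Corrected: a pass only proves who sent it; judge that domain itself."""
    if spf == "fail":
        return content_score + 5.0  # forged sender address
    if spf == "pass":
        return content_score + DOMAIN_REPUTATION.get(domain, 0.0)
    return content_score
```

With a content score of 6.0, mail from the spammer's own domain drops below the threshold under the naive rule and stays above it once the pass is used only to look up that domain's reputation.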
Other numbers culled from the first quarter of this year include a rise in spam sent through "zombies", PCs that have been hijacked earlier - often by computer worms - and turned into spam-spewing machines without their owners' knowledge. An average of 51% of spam arrived from these machines in the first quarter.
* Disclaimer:
The statistics in this report are estimated on the basis of the mail traffic arriving at Netcore's Emergic CleanMail servers, with an average of 3 to 4 lakh mails hitting the servers daily. The statistics represent the mail traffic for corporate Indian clients and do not account for traffic to free email addresses.