Issue Preview
* ECM email security Update - Threat Statistics in India *
* Top 5 Most Prevalent Viruses in India *
* Latest Virus of the Week - W32.Mytob.AU@mm
* Email Security Alert - News of the Week.

1. ECM email security Update - Threat Statistics in India *
a) Junk mails statistics for Corporate India rises to 80.27%, a 100% increase in the statistics since last 3 weeks.

b) 72.62% of the overall mails originated from Open Relay servers, Open proxies or Zombie machines exploited worldwide.

2. Top 5 Most Prevalent Viruses in India
a) W32/Netsky.P@mm -- 30.55 %

W32/Netsky.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension.

b) Worm.SomeFool.P -- 17.10 %

A mass mailing worm has its own SMTP engine to replicate itself to the email addresses that it collects from the PC it has infected. It has the ability to disable several antivirus and security applications. It has distribution and medium damage capability.

c) W32/Netsky.AK@mm -- 7.35 %

A mass mailing worm has its own SMTP engine to replicate itself to the email addresses that it collects from the PC it has infected. It has the ability to disable several antivirus and security applications. It has distribution and medium damage capability.

d) Worm.SomeFool.AA-2 -- 7.21 %

Is a mass-mailing worm that replicates itself by mass mailing to email addresses harvested from the infected machine. It has high distribution and low damage capabilities.

e) HTML.Phishing.Bank-1 -- 6.81 %

Is a trojan that steals personal information and spreads through emails.

f) Others -- 30.98 %

3. Latest Virus of the Week - W32.Mytob.AU@mm
W32.Mytob.AA@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).

4. Email Security Alert : News of the week

"Phishing : Are you the next target ?"

Phishing, a word that has became popular in a very short time is now considered as the most widely executed attack in the Internet today. The number of attacks on financial institutions has soared by 586% since June 2004, with the average number of attacks per day rising from 2.6 to 5. Nearly all well known banks have been targeted, including Citibank, Wells Fargo, Lloyds TSB etc to name a few.

Meanwhile a new type of phishing attack has been reported. The hook is an email offering employment as regional representative or general assistant with ICG Commerce, with high pay for minimal work. However the work involved is illegal - transfering funds between accounts on behalf of the phishers. ICG Commerce is legitimate US enterprise. But if a victim clicks on the link included in the email, they are directed to a bogus site not connected to the company. Potential 'employees' are asked to submit personal information, which may be stolen and used in identity fraud.

Early phishing attacks were easy to spot: sites had crude graphics, and messages contained plenty of errors. However, increased public awareness is forcing phishers to stay one step ahead of the game. Many phishing sites are now extremely professional, with nothing to distinguish them from legitimate sites.

Responsible financial institutions are now warning their customers not to respond to unsolicited email requesting personal information, no matter how genuine the email looks. And as for spam which promises jobs or free training courses, just remember - if it looks too good to be true, it's almost certainly a scam.

* Diclaimer:

The statistics in this report are estimated on the basis of the mail traffic arriving on the Netcore's Emergic CleanMail servers with an average of 3 to 4 lakh mails hitting the servers daily. The statistics represent the mail traffic for Corporate Indian Clients and doesn't account for traffic to free email addresses.