Issue Preview
* ECM email security Update - Threat Statistics in India *
* Top 5 Most Prevalent Viruses in India *
* Latest Virus of the Week - W32.Mytob.AV@mm
* Email Security Alert - "Pharmacy spams has its base in India".

1. ECM email security Update - Threat Statistics in India *
a) Junk mails statistics for Corporate India stays constant at 80%.

b) 71.69% of the overall mails originated from Open Relay servers, Open proxies or Zombie machines exploited worldwide.

2. Top 5 Most Prevalent Viruses in India
a) W32/Netsky.P@mm -- 31.26 %

W32/Netsky.P@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders.The From line of the email is spoofed, and its Subject line and message body of the email vary. The attachment name varies with the .exe, .pif, .scr, or .zip file extension.

b) Worm.SomeFool.P -- 23.28 %

A mass mailing worm has its own SMTP engine to replicate itself to the email addresses that it collects from the PC it has infected. It has the ability to disable several antivirus and security applications. It has distribution and medium damage capability.

c) W32/Netsky.AK@mm -- 9.69 %

A mass mailing worm has its own SMTP engine to replicate itself to the email addresses that it collects from the PC it has infected. It has the ability to disable several antivirus and security applications. It has distribution and medium damage capability.

d) W32/Netsky.Q@mm -- 4.69 %

Is a mass-mailing worm that replicates itself by mass mailing to email addresses harvested from the infected machine. Uses the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability to cause unpatched systems to auto execute the worm when reading or previewing an infected message.

e) W32/Zafi.B@mm -- 3.40 %

W32/Zafi.B@mm or W32.Erkez.B@mm is a mass-mailing worm that sends itself to the email addresses found on an infected computer. It also copies itself to the folders that are likely to be shared on file-sharing networks. When this worm infects a computer, it attempts to overwrite .exe files. The files that it targets are usually executables that belong to security products, including Symantec products. However, in some cases, the worm may overwrite .exe files that belong to other programs. If the worm does overwrite .exe files, some programs or operating system functions may no longer work correctly.

f) Others -- 27.68 %

3. Latest Virus of the Week - W32.Mytob.AV@mm
W32.Mytob.AV@mm is a mass-mailing worm with back door capabilities that uses its own SMTP engine to send email to addresses that it gathers from the compromised computer. The worm spreads by exploiting the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Security Bulletin MS04-011).

4. Email Security Alert : News of the week

"Pharmacy Spams had its base in India : A major Internet Drug Ring Busted"

Anti-Spam service providers are looking at a possible slow down of pharmacy spams after an International coalition of cyber cops busted the biggest Internet Drug deal ring. This means if your inbox is still open for spammers then you might recieve a fewer amount of Viagra or Xanax related spam mails. The Internet pharmacy company was based in Agra, India and owned by Dr. Brij Bhusan Bansal. Dr. Bansal's son, daughter and son in law were also arrested. 20 people related to this racket were arrested in US, India and Indonesia and over 200 websites selling drugs on the Internet has been shutdown. The Indonesian convicts were actually Australian citizens and were arrested after a tip off.

The racket has generated and annual income of over $139 million in a year and they managed to succeed even after selling drugs at much higher price than the market rate. The authorities have been after this racket after an Airborne Express supervisor in suburban Philadelphia found courier envelopes full of diazepam, a generic form of Valium., being shipped by a local business that sent more than 4,300 packages in a 19 day period in February 2004.

These drugs were obtained in India and were distributed further in US and Europe. Its still unclear where exactly these drugs were made. The defendants has been charged with conspiracy to distribute controlled substances, money laundering and misbranding drugs.

* Diclaimer:

The statistics in this report are estimated on the basis of the mail traffic arriving on the Netcore's Emergic CleanMail servers with an average of 3 to 4 lakh mails hitting the servers daily. The statistics represent the mail traffic for Corporate Indian Clients and doesn't account for traffic to free email addresses.