Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

TROJAN SCANNERS BLOCK MYDOOM

  • 30 January, 2004 10:43

<p>NEWS EDITORS NOTE: Trojan scanners will pick up/block Mydoom - but no network can guard against the "office idiot" who compulsively opens even suspicious attachments - or malicious workers who do so deliberately - according to GFI European security specialist Scott Hagenus.</p>
<p>HAGENUS from GFI Asia Pacific is happy to give his background technical opinion of the dramatic new Mydoom email virus - just how serious is it, how it works and what protections are available - with or without plugging his company or its products.
You can call him on 07 8273 3000 or 1800 22 55 43 or call Terry Quinn on 02 9460 0145; 0439 710 418</p>
<p>European messaging and content security specialist GFI has issued the following technical explanation of the MyDoom/Novarg virus.</p>
<p>PRESS RELEASE For immediate release</p>
<p>The Mydoom/Novarg virus can be caught by GFI’s gateway-level Trojan scanner BEFORE anti-virus vendors release updates against it</p>
<p>"A two-hour vendor warning can be two hours too late"</p>
<p>Sydney, 30 January 2004 – Novarg (also known as Mydoom and Mimail.R), the latest email virus to threaten the security of networks worldwide, highlights yet again that it is not enough to rely on anti-virus protection alone. The time it takes for anti-virus vendors to discover a virus and issue an update is too long and allows ample room for infection and distribution. GFI’s Trojan and Executable Scanner catches Novarg and other new viruses immediately - before their signatures are issued.</p>
<p>The difference between a virus engine and a Trojan and executable scanner:</p>
<p>Because anti-virus software is signature-based, it can only detect known viruses and Trojans, and is therefore unable to detect new viruses such as Mydoom/Novarg as soon as they are released. GFI MailSecurity's Trojan and Executable Scanner takes a different approach: rather than relying on signatures, it uses built-in intelligence to rate an executable’s risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect unknown viruses and Trojans before they enter the network - and before anti-virus engine vendors have issued signatures against them.</p>
<p>"A couple of hours too late"</p>
<p>"If a vendor takes a couple of hours to issue an update against a new virus, this is often a couple of hours too late. By then, the damage is done. All it takes is for one machine on a network to be infected. The virus then propagates to that network and others, causing great damage," explained Scott Hagenus, GFI Asia Pacific. "Organizations need to take a proactive approach to protecting themselves and should install gateway-level protection against one-off and unknown email threats and Trojans, as well as standard virus scanning software."</p>
<p>It is for this reason that GFI MailSecurity for Exchange/SMTP - GFI’s email content security and anti-virus product for Exchange and SMTP mail servers - incorporates a number of features against email threats, including the Trojan and Executable Scanner.</p>
<p>Mydoom or Novarg.A is reported to be infecting a vast number of computers. This worm is an executable that travels in the form of an email attachment, and it requires users to run the executable to be activated. The worm spoofs the email sender and the executable is usually compressed inside a zip file. It also launches a Denial of Service attack on www.sco.com and opens a backdoor on the infected computers. The GFI Trojan and Executable Scanner feature is able to catch Novarg.A because the worm triggers the scanner’s "CheckUPX" rule: it is compressed using a UPX packer, which indicates that such an executable might be malicious.</p>
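<p>The packer check described above can be illustrated with a short added example; it is not GFI's code, and how the "CheckUPX" rule is actually implemented is not stated in this release. The sketch assumes the common indicator that UPX-packed Windows executables carry sections named UPX0/UPX1, looks inside zip attachments, and uses constructed header-only samples and hypothetical file names.</p>

```python
import io
import struct
import zipfile

MAX_MEMBER = 5 * 1024 * 1024  # assumed cap on unpacked member size (zip-bomb guard)

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                         # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]     # 8-byte name field
        if len(raw) == 8:
            names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def scan_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return paths of executables with UPX-named sections, looking inside zips."""
    if any(s.startswith("UPX") for s in pe_section_names(data)):
        return [name]
    hits = []
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    hits += scan_attachment(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits

def fake_pe(sections) -> bytes:
    """Constructed sample: PE headers only, no code, cannot execute."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    return dos + coff + b"".join(s.encode().ljust(40, b"\0") for s in sections)

def zipped(member: str, payload: bytes) -> bytes:
    """Constructed sample: wrap a payload in an in-memory zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

if __name__ == "__main__":
    packed = zipped("sample.scr", fake_pe(["UPX0", "UPX1", ".rsrc"]))
    print(scan_attachment("sample.zip", packed))
    print(scan_attachment("plain.exe", fake_pe([".text", ".data"])))
```

<p>A section-name match is a risk signal rather than a verdict: legitimate software is also packed with UPX, and section names can be changed, which is why the release says only that such an executable "might be malicious".</p>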
<p>Further information is available at http://www.gfi.com/news/en/novarg.htm.</p>
<p>About GFI MailSecurity for Exchange/SMTP</p>
<p>GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect an organization's email users. GFI MailSecurity's key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan &amp; Executable Scanner, to detect malicious executables; and more. Further information and a full evaluation version are available at http://www.gfi.com/mailsecurity/.</p>
<p>About GFI</p>
<p>GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.</p>
<p>All product and company names herein may be trademarks of their respective owners.</p>
<p>--------------------------------------------------------------------------------</p>
<p>For more information:</p>
<p>Please email Terry Quinn WordsPLUS on quinnid@ozemail.com.au</p>
<p>02 9460 0145; 0439 710 418</p>
