Second Massive Email Virus Attack in a Month Portends Explosive Growth in Fraud, Theft, Spam and Viruses

Storm Worm Drives Volume of Email Viruses on the Internet Upward by a Factor of 20

SAN CARLOS, Calif., Jan. 29 /PRNewswire/ -- Postini, the global leader in on-demand communications security, compliance and productivity solutions for email, instant messaging and the web, today announced that hackers and spammers are raising their onslaught in 2007 as witnessed by two massive, global email-borne virus attacks which took place from December 29 to December 31, 2006 and again from January 19 to January 21, 2007. Each of these attacks was so large that it drove the level of viruses on the Internet up by a factor of 20 over usual activity.

Both attacks were designed to steal personal information and hijack the recipient's computer to add to ever-growing "bot-nets" - massive networks of infected personal computers used to distribute spam and virus attacks. The size and sophistication of these back-to-back attacks implies that spam and virus levels on the Internet, which are already at all-time highs, will continue to rise as newly hijacked computers are brought into action and begin spewing even more spam and viruses.

This latest attack has become known as the Storm worm because the original email subject line was, "230 dead as storm batters Europe". At the time of the email, there was in fact a heavy winter storm occurring in Europe. This is the latest example of the attackers' sophistication and real-time capabilities, launching the attack and timing it to coincide with real news about the storm. The email that contained the virus frequently mutated to show dozens of different fake, sensational but believable headlines designed to tempt the reader into clicking on an attachment and thus infecting their computer. Other subjects included, "Russian missile shot down USA aircraft" and "Saddam Hussein alive!"

The infectious email had a file attachment that contained a trojan horse virus known as Downloader-BAI or AUTH-W32/Downloader. If a person clicks on the attachment, their computer will become infected with the virus, which then attempts to send personal information (including email addresses, financial information and credit card information) from that computer back to the hackers who created the virus. They can then use this information for identity theft or sell it to others. The virus also provides a back-door for hackers to take control of the computer and add it to a bot-net to be used in future spam and virus attacks.

This attack also illustrated the escalating vicious cycle of spam and viruses being fueled by and creating bot-nets. The virus was distributed by email, which was sent from bot-net zombies that had been infected by previous email-borne viruses, and the intent of the virus was to infect even more computers and turn them into a larger bot-net zombie network to use in future spam and virus attacks. The email subject, content and virus all mutated many times over the course of the outbreak in an attempt to evade detection. Anti-virus engine providers had to issue several signature updates throughout the outbreak.

As the virus attack began, Postini's PREEMPT email protection service immediately began blocking the worm. Over the three-day period, Postini stopped more than 29 million infected messages from reaching the 36,000 businesses Postini provides email security services for. On January 20, 2007 alone, Postini blocked almost 17 million infected email messages, nearly 20 times the average daily virus volume in 2006.

The January 2007 Storm worm follows on the heels of another email-borne virus, the Happy New Year worm, which attacked the Internet in late December 2006. The Happy New Year worm contained a subject line and an attachment exploiting the expectations of legitimate postcards and greetings from friends and families. The infected attachment contained numerous strains of malicious code (including Tibs, Nuwar, Banwarum, and Glowa) as well as two root kits designed to hide the presence of the malicious code from anti-virus scans. Ultimately, the goal of the Happy New Year worm was to create more zombie computers that could be added to bot-nets and used for additional spamming and other attacks.

Starting on December 28, 2006, Internet virus volumes began to dramatically increase and Postini PREEMPT email protection began blocking infected messages. At the peak of the outbreak on December 30, 2006, Postini blocked 19.5 million messages infected with the Happy New Year worm and its variants.

These two attacks were by far the largest to occur in the past 12 months. "The explosion of bot-nets, millions of infected computers controlled by malicious actors around the world, has changed the balance of power in the world communications security," said Daniel Druker, executive vice president of marketing at Postini. "As Valentine's Day approaches, email users should continue to keep their guard up, as there are already new mutations of the Storm worm with love-related subject lines."

About Postini

Postini is the global leader in on-demand communications security, compliance and productivity solutions for email, instant messaging and the web. Postini offers an award-winning suite of on-demand services for electronic communications, including protection from viruses, spam, phishing, fraud and other attacks, secure messaging, and archiving, discovery and production of electronic messages. The company's powerful on-demand infrastructure integrates with customers' environments, providing security, compliance and productivity solutions for more companies than any other provider in the world. Postini's services are designed to protect organizations from a wide range of threats, reduce compliance and legal risks, ensure reliable communications, and enable the intelligent management and enforcement of enterprise policies that protect companies' intellectual property, reputations and business relationships. For more information please contact Postini at [email protected] or visit http://www.postini.com/ .

Media Contacts: Marty Tacktill Postini (650) 486-8269 [email protected] Derek Kober GlobalFluency (650) 433-4233 [email protected]

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.
