TMCnet News

MX Logic Reports One in Eight Email Messages Infected by Sober.Z Worm; Blocking Port 25 Will Assist in Stopping Mass-Mailing Worm Propagation
[November 22, 2005]



DENVER --(Business Wire)-- Nov. 22, 2005 -- MX Logic Inc., a leading provider of innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, resellers and their customers, reports that as of noon MT on Tuesday, Nov. 22, the MX Logic Threat Center had blocked over 1 million email messages infected with the latest variant of the prolific Sober worm, W32/Sober.Z -- or one in every eight emails.



MX Logic first detected Sober.Z on Monday, Nov. 21, and began blocking it immediately on behalf of its 6,600 customers worldwide.

Sober.Z (aka W32.Sober.X@mm, W32/Sober@MM!M681, WORM_SOBER.AG, Sober.Y, and W32/Sober-{X, Z}) is a mass-mailing worm spread through a .zip file attached to an email. Once the attachment is opened, the worm uses its own email engine to send itself to addresses harvested from the infected computer.


"It is no surprise that we have seen yet another variant of the Sober worm, as this worm propagates via port 25 SMTP traffic," said Scott Chasin, CTO, MX Logic Inc. "Government and industry organizations have issued best practices suggesting that blocking port 25 will help eliminate worm and spam propagation via email. As long as this port remains open, we will continue to see mass-mailing worms such as this latest Sober variant."

Port 25 is the TCP port that SMTP uses to send email traffic on the Internet. As a globally recognized best practice, ISPs can choose to block this port to prevent malicious outbound email, such as the Sober.Z worm, which used its own SMTP engine to propagate.

As with other recent variants of the Sober worm, Sober.Z uses a number of different subject lines and message bodies. Spoofed email addresses suggest that the attachment was sent by a government authority such as the FBI or CIA and request that the attachment be opened to verify charges brought against the email's recipient. Examples of Sober.Z subject lines include:

-- "Your IP was Logged"

-- "hi, ive a new mail address"

-- "You visit illegal web sites"

-- "Paris Hilton & Nicole Richie"

-- "Registration confirmation"

Earlier this year, the Federal Trade Commission (FTC) provided service providers best practices to stop outbound email abuse. These include:

-- Blocking port 25

-- Applying rate-limiting controls for email relays

-- Identifying computers that are sending atypical amounts of email, taking steps to determine if these computers are acting as spam zombies and, when necessary, quarantining the affected computers until the source of the problem is removed

-- Providing plain-language information for customers on how to keep their home computers secure
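
As an added illustration (not code from MX Logic or the FTC), the third practice above can be approximated by scanning flow records for customer hosts that open port-25 connections straight to outside servers instead of handing mail to the provider's relay, which is how a worm with its own SMTP engine shows up on the network. The record format, address ranges, relay address and thresholds are all assumptions made for this sketch.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this sketch: customer address space and the sanctioned relay.
CUSTOMER_NET = ip_network("10.20.0.0/16")
APPROVED_RELAYS = {ip_address("10.20.0.25")}

# Constructed flow records: "ISO-timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2005-11-22T12:00:01 10.20.4.17 192.0.2.10 25
2005-11-22T12:00:03 10.20.4.17 192.0.2.44 25
2005-11-22T12:00:04 10.20.7.3 10.20.0.25 25
2005-11-22T12:00:09 10.20.4.17 198.51.100.7 25
2005-11-22T12:00:15 10.20.9.9 203.0.113.5 25
2005-11-22T12:00:20 10.20.4.17 198.51.100.90 25
2005-11-22T12:00:31 10.20.4.17 203.0.113.77 25
2005-11-22T12:01:10 10.20.7.3 10.20.0.25 25
2005-11-22T12:02:00 10.20.9.9 192.0.2.80 80
"""

def parse(text):
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # skip malformed records
            ts, src, dst, port = parts
            yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port)

def direct_smtp_senders(text, window=timedelta(minutes=5), max_conns=3, max_dests=2):
    """Map each customer host to its worst (connections, distinct destinations)
    of direct port-25 traffic in any sliding window, if it exceeds a limit."""
    per_host = defaultdict(list)
    for ts, src, dst, port in parse(text):
        # Only direct SMTP from customers counts; mail via the relay is expected.
        if port == 25 and src in CUSTOMER_NET and APPROVED_RELAYS.isdisjoint({src, dst}):
            per_host[src].append((ts, dst))
    flagged = {}
    for src, events in per_host.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            seen = (len(span), len({dst for _, dst in span}))
            if seen[0] > max_conns or seen[1] > max_dests:
                flagged[str(src)] = max(flagged.get(str(src), (0, 0)), seen)
    return flagged
```

Hosts returned here are candidates for the quarantine step the list describes; a single direct connection, such as the one from 10.20.9.9 in the sample, stays below the default limits.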

MX Logic Multi-Layered, Managed Protection Against Email Viruses and Worms

MX Logic provides multi-layered, fully managed virus protection that delivers optimum defense against worms and viruses at the Internet level -- before they can enter and damage a customer's corporate messaging infrastructure. MX Logic email defense solutions leverage the virus-detection power of three leading anti-virus engines -- Authentium(R), McAfee(R) and Sophos(R) -- which are updated every five minutes to ensure the most current virus and worm protection.

In addition to third-party anti-virus engines, MX Logic email defense solutions incorporate the company's proprietary worm-detection technology, which uses sophisticated content behavior analysis to rapidly identify and intercept zero-hour threats -- threats that appear before an anti-virus signature is developed to detect them.

MX Logic's multi-layered virus and worm protection frees internal corporate IT resources from managing timely signature updates by shifting the burden of threat management away from the enterprise to MX Logic. MX Logic email defense solutions also allow IT administrators the ability to respond to infected email by choosing to have viruses stripped from incoming email, quarantining infected messages for review, or blocking infected email outright.

About MX Logic

MX Logic Inc. provides innovative email defense solutions that ensure email protection and security for businesses, service providers, government organizations, and resellers and their customers. The company's feature-rich solution suite is the industry's most comprehensive, flexible and easy to use.

Founded by messaging industry pioneers, MX Logic has delivered numerous industry firsts to the enterprise spam market, including becoming the first managed service provider to: leverage Bayesian Statistical Classification; provide spam beacon ("Web bug") blocking; offer quarantine management via email; provide corporate-level quarantine release reports that help reduce inappropriate email while decreasing corporate liability; and deliver a solution for tracking URL click-throughs from email to the Web, providing increased corporate control and security.

MX Logic processes billions of messages each month for over 6,600 organizations worldwide, including EnCana, Hyundai Motor America, Internet Initiative Japan, ServiceMaster, The Sports Authority, Verio Inc., and YMCA. In addition, MX Logic is the only email defense company to offer both a managed service and a turnkey, carrier-grade software solution for service providers. For more information, visit www.mxlogic.com.
