Press Release - For Immediate Release
IronPort Warns of Dangerous Virus Set to Destroy Documents
IronPort Virus Outbreak Filters ™ Protects Users 16 hours and 18 minutes before Traditional AV Solutions
SAN BRUNO, Calif. - February 01, 2006 - IronPort Systems Inc., the leader in email security, is warning businesses and individuals of a new virus that is designed to delete personal and business related files on February 3rd, 2006. The Kama Sutra virus, also known as Nyxem-D or Blackworm, spreads by enticing users to open seemingly pornographic attachments. Once opened, the virus disables security software and sends out additional copies of itself to email addresses harvested from the infected machine. The virus also attempts to spread through networks.
IronPort was able to detect this dangerous virus early on and IronPort's Virus Outbreak Filters protected customers within the critical period between the first exploit of a virus outbreak and the release of a reactive AV signature. In the case of the Kama Sutra outbreak, Outbreak Filters protected customers an average of 16 hours and 18 minutes before traditional AV vendors. IronPort users were protected 1 hour and 27 minutes before the first major traditional AV vendor responded to the outbreak.
Nyxem-D is unique because of the extremely dangerous payload it carries: on the third day of every month the virus initiates a process that destroys certain file types. The targeted file types include: doc, xls, ppt, pdf, zip, pps, and dmp. The first execution of this code is set for February 3, 2006.
"Recently, we've seen a trend toward smaller, targeted viruses designed purely for profit. These viruses make money by quietly taking over machines and using them to send spam or host spyware." said Tom Gillis, Senior Vice President of Worldwide Marketing of IronPort Systems. "What is frightening about the Kama Sutra virus is the lack of a logical motive - there is no real way for the virus writer to profit from it. The Kama Sutra virus confirms that there are active virus writers whose sole aim is to disrupt society."
"IronPort Systems detects attacks using SenderBase, the world's first and largest email traffic monitoring network. With SenderBase, we have a real-time view into 25% of the world's email traffic" said Pat Peterson, Vice President of Technology, IronPort Systems. "This means that as soon as an outbreak occurs we will see a spike in traffic and can issue rules to quarantine these viral messages until reactive, signature based AV solutions have had time to write signatures."
SenderBase is monitored by IronPort's Threat Operations Center (TOC). The TOC is a group of analysts dedicated exclusively to preventive outbreak detection and protection 24 hours a day, 7 days a week. When an outbreak is detected, updates are issued by the TOC to IronPort's email security appliances on a constant, rapid basis. IronPort's security appliances perform threat assessments of inbound and outbound messages based on the most recent TOC updates to quarantine suspicious messages until signatures from traditional anti-virus vendors are deployed. In the last year, Virus Outbreak Filters has stopped over 160 outbreaks, with an average lead time over traditional AV solutions of over 13 hours. This protection has stopped approximately 8 million viral messages and has saved customers an estimated $160M in cleanup costs.
To receive automated alerts of when Outbreak Filters first detects outbreaks, please visit http://www.ironport.com/outbreak_alerts/
About IronPort Systems
IronPort Systems is the leading email security provider for organizations ranging from small businesses to the Global 2000. The company has developed a family of email security appliances, the IronPort C-Series™, that offer breakthrough performance, unprecedented ease of use and reduced total cost of ownership. IronPort is driving new standards and providing innovative products for those faced with the monumental task of managing, protecting, and growing mission-critical email systems. For more information on IronPort products and services, visit: http://www.ironport.com/.
Press / Analysts
If you are a reporter or analyst and want more information on IronPort Systems please contact:
David Oro at (415) 885-9898 or dto@theorogroup.com
Suzanne Matik at (831) 479-1888 or smatick@earthlink.com
