Block all viruses at email server level with GFI MailSecurity!
GFI MailSecurity for Exchange/SMTP is an
email content checking, exploit detection, threats analysis and
anti-virus solution that removes all types of email-borne threats
before they can affect your email users. GFI MailSecurity's key
features include multiple virus engines, for virus engine independence
and better security; email content and attachment checking, to quarantine
dangerous attachments and content; an exploit shield, to detect
emails with OS and application exploits; an HTML threats engine,
to disable HTML scripts; a Trojan & Executable Scanner, to detect
potentially malicious executables; and more.
Listed below are some of the popular viruses
from the last few months. To protect against current and future
versions of these viruses you need to have comprehensive email security
including multiple virus engines, email exploit detection and content
checking.
MyDoom Worm
MyDoom (also known as Novarg, Mimail.R and Shimg) arrives as an email attachment and requires users to run the executable. The worm spoofs the email sender and the executable is usually compressed inside a zip file. It also opens a backdoor on infected computers.
BugBear Worm
The BugBear worm travels as an email attachment and can sometimes
run automatically on computers running a vulnerable version of Internet
Explorer. The worm emails itself to the contacts listed on an infected
machine and propagates through network shares.
MiMail Worm
MiMail is a mass mailing Internet worm which attempts to use a Microsoft
Internet Explorer exploit that allows a created executable virus
to run on the local computer. Worm/MiMail.A spreads through e-mail
by using addresses it collects from local files. It arrives with
a zip file attachment, "message.zip"- this file contains
the file "message.html". Using the noted security exploit
within Internet Explorer, message.html will produce an executable
file and run it.
Palyh Worm
This worm arrives as an e-mail attachment and requires users to
run the executable. The worm sends infected emails to addresses
found in the .dbx, .htm, .html, .eml and .txt files. W32/Palyh will
also use its own SMTP routines for propagation and spreads through
network shares by copying itself to the certain locations on computers
with network shares enabled.
Fizzer Worm
This worm arrives as an e-mail attachment and requires users to run
the executable. The worm also installs a backdoor on the infected
system and kills Security and AntiVirus programs and allows the author
of the worm to execute commands on the infected computer.
Lirva Worm
This worm is a variant of W32/Lirva.A@mm and resembles the original
worm. It arrives as an attachment through email and can sometimes
run automatically on computers running a vulnerable version of Internet
Explorer. To run automatically, this worm randomly uses the "Malformed
MIME header" vulnerability in Internet Explorer. It also tries
to spread through ICQ, IRC and KaZaA and contains a Password-Stealer
as payload.
Sobig Worm
This worm arrives as an e-mail attachment and requires users to run
the executable. The worm tries to download a backdoor from a specific
website.
Klez Worm
Klez exploits a vulnerability in Microsoft Outlook and Outlook
Express in an attempt to execute itself when you open or even preview
the message in which it is contained. Once executed, Klez will overwrite
files and create hidden copies of the originals.
Sircam Worm
Sircam has the ability of spreading through Windows Network shares.
Sircam sends e-mails with variable user names and subject fields,
and attaches user documents with double extensions (such as .doc.pif
or .xls.lnk) to them.
Nimda Worm
Nimda searches for open network shares, attempts to copy itself
to unpatched or already vulnerable Microsoft IIS web servers, and
infects both local files and files on remote network share. The worm
will also create open network shares on infected computers.
Anna Kournikova
The Anna Kournikova Virus will write a copy of itself to the user's
Windows directory. The worm will then attempt to send a copy of itself
to every entry in the user's Outlook address book.
Homepage Worm
The Homepage worm is an encrypted VBScript worm that sends itself
to all recipients in an infected user's Microsoft Outlook address
book. It also has a payload that opens a pornographic Web site.
BadTrans Worm
Badtrans forwards itself to addresses found on the infected computer
as an email message with no message text. The worm also drops a file
named kdll.dll, which is a password-stealing Trojan horse.
Navidad Worm
Navidad replies to all inbox messages that contain a single attachment.
When the worm is executed, it causes your system to be unusable.
|
Essentials
