Security

New “FedEx Delivery” Trojan detected

IronPort Systems announces that its Virus Outbreak Filters (VOF) were able to detect a new Trojan program disguised as a legitimate email message from logistics services company FedEx. The Filters identified and provided protection against the threat a full 40 hours and 28 minutes before other major anti-virus (AV) vendors.

The latest attack reflects an observed 220 per cent increase in the volume of threats, as confirmed by data gathered from corporate consumers in the period between May 2007 and May 2008. Backdoor and password-stealing applications increased 855 per cent as well, and in May 2008, 68 per cent of web-based malware exposure was traced to compromised websites. Risk of exposure to exploits and compromised sites increased an alarming 407 per cent.

“This latest Trojan offensive again proves the effectiveness of our VOFs, as we were able to provide protection almost two days before a major anti-virus vendor was able to detect the threat. The preventive capabilities of IronPort’s VOFs provide a critical first layer of defense against such new outbreaks hours and even days before traditional anti-virus solutions can generate virus signatures. This is essential for organizations that rely on the internet, and email communications in particular, for operational viability,” says Ray Kafity, Regional Sales Manager – Middle East, North Africa and Pakistan, IronPort Systems.

The “FedEx Delivery” outbreak occurred on August 15, 2008, a month after a similar attack was launched using the UPS brand. An email purportedly sent by FedEx informed recipients of a delivery failure and instructed them to download and print out an invoice copy to collect the package. Once opened, the attachment installed a Trojan that changed the wallpaper and allowed remote hackers to take control of the infected computer. The infiltrators could then use the unit to send spam and host spyware, as well as install key loggers and screen scrapers to discreetly steal personal, confidential and financial information.

Integrated into IronPort’s email security appliances, VOFs perform threat assessments on inbound and outbound messages and temporarily quarantine suspicious ones. The messages are automatically released once signatures from traditional AV vendors are deployed. This real-time and dynamic detection and response has enabled IronPort to attain average lead times of 13 hours over reactive AV solutions, while posting a very high catch rate and near-zero misclassifications.

IronPort VOFs detect web-based threats using SenderBase, the world’s largest email and web traffic monitoring network. The SenderBase Network processes data from over 100,000 contributing organizations around the world and monitors an impressive 25 per cent of total global email traffic. The Filters are also backed by a 24-hour IronPort Threat Operation Center, which provides assistance from experienced analysts to ensure speed and accuracy. Both services ensure fast and accurate detection unparalleled in the industry.

Other key features of the Filters include automated protection via an exclusive Context Adaptive Scanning Engine and unique Dynamic Quarantine, as well as comprehensive management through an integrated Web-based user interface, a comprehensive suite of alerts and reports backed by a detailed support website, and zero ongoing administration. The Filters also offer huge cost savings, the industry’s only proven preventive solution for detecting new outbreaks, easily measurable return on investment, and easy setup.
