London (ots) - Novarg (also known as Mydoom and Mimail.R), the
latest email virus to threaten the security of networks worldwide,
highlights yet again that it is not enough to rely on anti-virus
protection alone. The time it takes for anti-virus vendors to
discover a virus and issue an update against a new virus is too long
and allows ample room for infection and distribution. GFI's Trojan
and Executable Scanner, on the other hand, catches Novarg and other
new viruses immediately -- before their signatures are issued.
The difference between a virus engine and a Trojan and executable
Because anti-virus software is signature-based, it can only detect
known viruses and Trojans, and is therefore unable to detect new
viruses such as the Novarg as soon as they are released. GFI
MailSecurity's Trojan and Executable Scanner takes a different
approach: Rather than relying on signatures, it uses built-in
intelligence to rate an executable's risk level. It does this by
disassembling the executable, detecting in real time what it might
do, and comparing its actions to a database of malicious actions.
This way, GFI MailSecurity can detect unknown viruses and Trojans
before they enter the network -- and before anti-virus engine vendors
have issued signatures against them.
"A couple of hours too late"
"If a vendor takes a couple of hours to issue an update against a
new virus, this is often a couple of hours too late. By then, the
damage is done. All it takes is for one machine on a network to be
infected. The virus then propagates to that network and others,
causing great damage," explained David Vella, GFI MailSecurity
Product Manager. "Organizations need to take a proactive approach to
protecting themselves and should install gateway-level protection
against one-off and unknown email threats and Trojans, as well as
standard virus scanning software."
It is for this reason that GFI MailSecurity for Exchange/SMTP --
GFI's email content security and anti-virus product for Exchange and
SMTP mail servers -- incorporates a number of features against email
threats, including the Trojan and Executable Scanner.
Novarg.A is reported to be infecting a vast number of computers.
This worm is an executable that travels in the form of an email
attachment, and it requires users to run the executable to be
activated. The worm spoofs the email sender and the executable is
usually compressed inside a zip file. It also launches a Denial of
Service attack on www.sco.com and opens a backdoor on the infected
computers. The GFI Trojan and Executable Scanner feature is able to
catch Novarg.A because this infringes the scanner's "CheckUPX" rule;
the worm is compressed using a UPX packer, which indicates that such
an executable might be malicious. Further information is available at
About GFI MailSecurity for Exchange/SMTP
GFI MailSecurity for Exchange/SMTP is an email content checking,
exploit detection, threats analysis and anti-virus solution that
removes all types of email-borne threats before they can affect an
organization's email users. GFI MailSecurity's key features include
multiple virus engines, to guarantee higher detection rate and faster
response to new viruses; email content and attachment checking, to
quarantine dangerous attachments and content; an exploit shield, to
protect against present and future viruses based on exploits (e.g.,
Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a
Trojan & Executable Scanner, to detect malicious executables; and
more. Further information and a full evaluation version are available
GFI is a leading provider of Windows-based network security,
content security and messaging software. Key products include the GFI
FAXmaker fax connector for Exchange and fax server for networks; GFI
MailSecurity; GFI MailEssentials; GFI LANguard Network Security
Scanner (N.S.S.); GFI Network Server Monitor and GFI LANguard
Security Event Log Monitor (S.E.L.M.). Clients include Microsoft,
Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL,
Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the
US, the UK, Germany, Cyprus, Romania, Australia and Malta, and
operates through a worldwide network of distributors. GFI is a
Microsoft Gold Certified Partner and has won the Microsoft Fusion
(GEM) Packaged Application Partner of the Year award.
All product and company names herein may be trademarks of their
ots Originaltext: GFI Software Ltd.
Angelica Micallef Trigona
GFI Software Ltd -- Malta