Tag Archives: MessageLabs

MyDoom Anniversary: Another Big Attack In The Offing?

Today’s the first anniversary of the MyDoom.A worm. According to an email I received earlier today from MessageLabs, ‘the world’s leading provider of email security services to business’, it was a day that “changed the virus landscape forever”:

27 January 2005 – At 13.26pm on 26 January 2004, MessageLabs,  intercepted its first copy of W32/MyDoom.A. Within the first twenty-four hours, the company had stopped over 1.2 million copies. MyDoom.A, which achieved a peak infection rate of 1 in 12 emails, has proved to represent a landmark in the history of computer viruses, and the legacy lives on..

I’m not sure whether this is just a coincidence, but I’m told by folks at Network Box of a fresh attack by Bagle: “Depending on the next few hours, this could be a large attack,” says Network Box’s Quentin Heron:

Network Box Security Response is tracking several new variants of the Bagle Internet worm… We are seeing thousands of blocks on these variants, from dozens of sites in Hong Kong. We are checking worldwide infection rates at the moment, but this looks extensive.

For those of you who follow these things, the worm matches signatures from Kaspersky Labs of Email-Worm.Win32.Bagle.ax and Email-Worm.Win32.Bagle.ay.

I’ll keep you posted.

The Next Step: Anti Phishing Services

MessageLabs, those hyperactive purveyors of Internet security, have come up with an anti-phishing service for banks and other targeted companies (Phishing is the scam whereby bogus emails entice you to give up your online banking password and other sensitive information), the first of its kind I do believe. It had been available to about 15 banks and is now available to everyone. 


The service involves “real-time scanning, expert analysis and authentication, incident response and early notification of suspicious email activity”.  The company uses Skeptic™ Radar (I’m not making this up) technology to scan millions of email messages to detect threats and anomalies. When a scam is identified, analysed and authenticated, the company notifies the targeted company and provides details of the attack. Companies are then able to work with law enforcement agencies to quickly and effectively shut down scammers. (It says here.)


MessageLabs says it has been able to alert “in-house IT staff to the problem before they knew of its existence”. In pilot cases it was able to close down fraudulent website within a couple of hours.


MessageLabs reckon about “20% of all recipients that receive phishing emails have been duped into providing user names, passwords and social security numbers”. That’s a very high figure; I’d heard 5%. I’ll try to find out where MessageLabs get it from.

Another Spamming Record

You’re probably getting bored of spam statistics by now, and I wouldn’t blame you. But here’s another milestone, courtesy of MessageLabs, who monitor this kind of thing: December was a new record, they say, for the ratio of spam to ordinary email. In that month, MessageLabs scanned some 463 million emails and found that 1 in every 1.6, or 62.7% of them, was spam. They don’t give a comparative figure, but their PR says that’s a new record.

Of course, it may just have been the holiday season, although spam this month shows no sign of easing up, either for that reason or for new laws. MessageLabs also do a breakdown by industry, to show which are most vulnerable to getting spam (useful, I guess, if you’re in those industries and you need to measure how big a problem it is for your staff). It turns out the public sector has the smallest problem — only 1 in every 3.65 emails your average civil servant gets is spam — whereas if you’re a healthcare worker, chances are that every 1 in 1.21 emails you get is junk. Go figure.

Here’s another weird statistic. MessageLabs also monitor viruses, and their figures seem to show that, depending on what country and sector you’re in, your chances of a getting an email vary wildly. In U.S. real estate? Relax, only 1 in 439 emails is going to be a virus. In the UK leisure and recreation industry? The likelihood rises to 1 in less than 50. Why would that be?

Happy Birthday, SoBig

A press release from email security folks MessageLabs points out that tomorrow is the first anniversary of the SoBig.A worm’s debut. SoBig.A (the A bit means it was the first of a stream of worms that were somehow based on the SoBig worm) wasn’t just any kind of worm, MessageLabs point out. SoBig.A was unique in being the first virus to use convergence techniques to create maximum havoc.

Basically this means SoBig.A didn’t just do one thing. It incorporated both spamming and virus writing techniques — infecting hundreds of thousands of computers worldwide, installing open proxies on compromised machines, which were then used to disseminate spam — unknown to the users. To date, MessageLabs has intercepted 727,102 copies of the worm in 183 countries, and it continues to spread.

SoBig was so successful it’s now into version F, the most prolific virus to date. The SoBig family, MessageLabs say, has also served as the model for other viruses using convergence techniques, such as the Fizzer worm. MessageLabs predicts that this style of virus writing will be extensive during 2004.

Needless to say, this all helps blur the boundary between spammers, scammers, virus writers (and, probably, the Mob). Says David Banes, MessageLabs’ Technical Director Asia Pacific: “The success of SoBig has served as an inspiration to cyber criminals, and demonstrates what can be achieved when they work together.”

2003, Year of the Spiral of Evil? Or Just The Start?

MessageLabs, who track this sort of thing, say that spam and viruses hit all time highs in 2003. Not surprising, but the figures are pretty shocking, revealing the symbiotic relationship between spam and viruses — what I called in a recent WSJ/FEER column The Spiral Of Evil (no, it doesn’t seem to have caught on). Here are the figures:

— Two-thirds of all spam coming from open proxies created by viruses
— Ratio of spam to email is 1 in 2.5 – up 77 per cent in 12 months
— Ratio of virus to email now 1 in 33 – up 84 per cent

Basically, this means that virus writers are hijacking innocent computers and turning them into open proxies — a sort of free sorting office for spam, churning it all and in the process hiding the original sender from anti-spammers.

Here’s the link: Highlights of 2003 include Sobig.F breaking the world record in August to become the fastest spreading virus ever with one million copies stopped in a day by MessageLabs. MessageLabs also reckon that 66% of spam was coming from computers infected by viruses such as Sobig.F. At its peak, 1 in every 17 emails stopped by MessageLabs contained a copy of the SoBig.F. By December 1, more than 32 million emails containing the virus had been stopped by MessageLabs, putting Sobig.F at head of the Top 10 Viruses List for 2003.

Update: Sobig Is Back

 Just when you thought it was safe to disable the antivirus software. MessageLabs reports of a fast spreading mass-mailing virus it’s calling W32/Sobig.F-mm.  The initial copies all originated from the United States.
Sobig.F appears to be polymorphic in nature and the email from: address is also spoofed and may not indicate the true identity of the sender.  It may carry the subject line ‘Re: Details’ and say ’Please see the attached file for details.’ in the text.
Attachment names may include: your_document.pif, details.pif, your_details.pif, thank_you.pif,  movie0045.pif, document_Fall.pif, application.pif, document_9446.pif. Watch out. It’s moving rapidly, a bit like babies across the floor.