IronPort Systems, a leading e-mail and web security products provider, has detected a new malicious Trojan Horse program.
IronPort’s S-Series Web Reputation Filters were able to capture, identify, report and respond against the new internet threat, which uses a fake anti-spyware website, http://antispyware911.com, to lure internet users to download a phony scanner containing the Trojan, the company said.
It said the program has not been identified by other leading web security systems.
The bogus website claims to be a free fix for a spyware; users who accept the offer unsuspectingly download the malicious Trojan. Unlike infectious malicious programs such as viruses, such Trojan horse codes do not propagate by self-replication but instead rely on the exploitation of an end-user. IronPort’s latest discovery reflects the prevalence of malevolent social engineering throughout the internet, where trickery is used to gather information or gain access to computer systems via the web.
“It was fortunate that we were able to identify this threat and thus immediately warn users of this latest attack against the internet. However, we are concerned that the Trojan escaped detection from major security platforms. This shows how even the best-protected computer systems remain susceptible to infiltration, especially via social engineering; we thus advise internet users to be wary of suspicious offers and communications and make sure that they have reliable network security solutions in place,” said Ray Kafity, regional sales manager – Middle East, North Africa and Pakistan, IronPort Systems.
The latest outbreak was detected using IronPort’s S-Series Web Reputation Filters, which are integrated into the S-Series of family of web security appliances. Considered the industry’s fastest web security appliances, the S-Series combines a high-performance security platform with IronPort’s exclusive Web Reputation technology and its Dynamic Vectoring and Streaming engine, a new scanning technology that supports signature-based spyware filtering, he said.
The S-Series also uses IronPort’s SenderBase anti-spam reputation management technology, which determines the parts of a web page that are secure enough to go through browsers, said Kafity.
IronPort, a business unit of leading global network solutions provider Cisco Systems’ Security Technology Group, was recognised as one of the world’s leading messaging security appliance vendors in terms of revenue and market share by International Data Corp in December 2007. The company maintains the renowned SenderBase Network, the world’s first and largest email and web traffic monitoring system.
The SenderBase Network collects data from more than 100,000 organisations around the world, measures more than 110 various parameters for any email server, and processes more than 5 billion queries daily. The network currently monitors more than 25 per cent of global messaging traffic; it blocks up to 80 per cent of spam at the connection level and enhances malware catch rates by more than 20 per cent over signature-based scanning alone, he said.
SenderBase and other IronPort products and solutions are continuously enhanced through partnerships with prominent IT companies such as Dell, McAfee, and Oracle, he added. – TradeArabia News Service