Barracuda Networks Detects and Blocks "Backdoor" Virus Sent via Fake Microsoft Security Update Email
2008-10-12
Campbell, Calif., Oct. 9, 2008 - Barracuda Networks Inc. announced that
Barracuda Central, its 24x7 security operations center, began immediately
blocking a malicious "backdoor" virus distributed via a socially engineered
email purportedly from Microsoft earlier today. Barracuda Networks was one of
the first vendors to profile the malware and quickly categorized it in the
Barracuda Real-Time Protection system to block the virus in incoming and
outbound emails on all Barracuda Spam Firewalls worldwide with Barracuda
Real-Time Protection enabled.
The virus, categorized by Barracuda Central as "Trojan.Backdoor.Haxdoor," is
delivered as an attachment to an email allegedly from the Microsoft Security
Assurance team and utilizes several innovative social engineering techniques,
such as using Microsoft KnowledgeBase naming conventions for the file
attachment, as well as the inclusion of a PGP signature block at the bottom of
the email message. The email informs the recipient that "Microsoft company has
recently issued a Security Update for OS Microsoft Windows. The update applies
to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000,
Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."
Further, the fake email "strongly" recommends that the recipient install an
"update" to "protect your computer against security threats and performance
problems." Barracuda Central determined that, once installed, the malware
"phones home" and leaves an outbound TCP connection open, presumably to await
further instructions.
"The leverage of the Microsoft name, the inclusion of an apparent PGP signature
block - frequently used by security professionals - and the routine nature in
which users are accustomed to applying software updates make for a dangerous and
potentially effective combination of social engineering techniques in this
particular attack," said Stephen Pao, vice president of product management for
Barracuda Networks. "Unsuspecting users without the proper virus protections in
place could mistakenly install the malware. Based on the volume of real-time
blocks reported by the Barracuda Real-Time Protection system in the outbreak's
early stages, we know the attack hit a significant global footprint."
In addition, Barracuda Central categorized this malware in its anti-spyware
protocol definitions to block all "phone home" activity across all Barracuda Web
Filters worldwide, preventing the attack from affecting corporate networks even
when users with previously infected laptops connect to the network.
For email not protected by Barracuda Spam Firewalls, such as personal email, the
Barracuda Web Filter can block the virus in Web downloads for users who are
behind Barracuda Web Filters.
About Barracuda Real-Time Protection
Barracuda Real-Time Protection is a set of advanced technologies that enables
Barracuda Spam Firewalls to immediately block the latest virus, spyware, and
other malware attacks as they emerge. These capabilities provide
industry-leading response times to email-borne threats by adding a third layer
of antivirus protection to the Barracuda Spam Firewall. Barracuda Real-Time
Protection draws from the largest and most diverse installed base in the
industry to detect early trends in email-borne threats. Once Barracuda Central
engineers identify a potential virus or malware outbreak based on the frequency,
diversity of sources and the metadata about the message itself, Barracuda
Central validates the hypothesis by collecting samples of suspect emails from
Barracuda Spam Firewalls around the world that elect to participate in data
collection.
About Barracuda Central
Barracuda Central is the 24x7 security center operated by Barracuda Networks to
monitor and block the latest Internet threats. Data collected at Barracuda
Central is analyzed and used to create definitions for automatic Energize
Updates that fuel the Barracuda Networks products.
BarracudaCentral.org is dedicated to providing technical insight for security
professionals. By sharing data, BarracudaCentral.org aims to build a strong
community to collectively fight the latest Internet threats.
About the Barracuda Spam Firewall
The Barracuda Spam Firewall is available in eight models and supports up to
100,000 active users with no per user licensing fees. Its architecture leverages
12 defense layers: denial of service and security protection, rate control, IP
analysis, sender authentication, recipient verification, virus protection,
policy (user-specified rules), Fingerprint Analysis, Intent Analysis, Image
Analysis, Bayesian Analysis, and a Spam Rules Scoring engine. In addition, the
entire Barracuda Spam Firewall line features simultaneous inbound and outbound
email filtering with the inclusion of sophisticated outbound email filtering
techniques, such as rate controls, domain restrictions, user authentication (SASL),
keyword and attachment blocking, triple-layer virus blocking, and remote user
support for outbound email filtering. The Barracuda Spam Firewall's layered
approach minimizes the processing of each email, which yields the performance
required to process millions of messages per day. For more information on the
Barracuda Spam Firewall, visit http://www.barracuda.com/spam.
About the Barracuda Web Filter
Available in six models, the Barracuda Web Filter combines preventative,
reactive and proactive measures to form a complete content filtering and anti-spyware
solution for businesses of all sizes. The Barracuda Web Filter is designed to
enforce acceptable Internet usage policies by blocking access to objectionable
content and unauthorized Internet applications. At the same time, the Barracuda
Web Filter's award-winning feature set enables the Barracuda Web Filter to block
spyware downloads, prevent viruses, and stop access to spyware Web sites. Unlike
the widely available desktop software solutions, the Barracuda Web Filter is
easily installed and does not require the additional time, money or resources
necessary for downloading and maintaining software on each individual PC. Hourly
Energize Updates are made automatically by Barracuda Central so that the
Barracuda Web Filter can block the ever-changing virus and spyware variants, as
well as maintain the most up-to-date database of the latest
productivity-inhibiting Web sites.