The Novarg Virus Can Be Caught by GFI’s Gateway-level Trojan Scanner Before Anti-Virus Vendors Release Updates Against It
London, UK, 27 January 2004 – Novarg (also known as Mydoom and Mimail.R), the latest email virus to threaten the security of networks worldwide, highlights yet again that it is not enough to rely on anti-virus protection alone. The time it takes anti-virus vendors to discover a new virus and issue an update against it is too long and allows ample room for infection and distribution. GFI’s Trojan and Executable Scanner, on the other hand, catches Novarg and other new viruses immediately – before their signatures are issued.
The difference between a virus engine and a Trojan and executable scanner
Because anti-virus software is signature-based, it can only detect known viruses and Trojans, and is therefore unable to detect new viruses such as Novarg as soon as they are released. GFI MailSecurity’s Trojan and Executable Scanner takes a different approach: rather than relying on signatures, it uses built-in intelligence to rate an executable’s risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. This way, GFI MailSecurity can detect unknown viruses and Trojans before they enter the network – and before anti-virus engine vendors have issued signatures against them.
“A couple of hours too late”
“If a vendor takes a couple of hours to issue an update against a new virus, this is often a couple of hours too late. By then, the damage is done. All it takes is for one machine on a network to be infected. The virus then propagates to that network and others, causing great damage,” explained David Vella, GFI MailSecurity Product Manager. “Organizations need to take a proactive approach to protecting themselves and should install gateway-level protection against one-off and unknown email threats and Trojans, as well as standard virus scanning software.”
It is for this reason that GFI MailSecurity for Exchange/SMTP – GFI’s email content security and anti-virus product for Exchange and SMTP mail servers – incorporates a number of features against email threats, including the Trojan and Executable Scanner.
Novarg.A is reported to be infecting a vast number of computers. The worm is an executable that travels as an email attachment, and it is activated only when a user runs the executable. The worm spoofs the email sender, and the executable is usually compressed inside a zip file. It also launches a Denial of Service attack on www.sco.com and opens a backdoor on infected computers. The GFI Trojan and Executable Scanner is able to catch Novarg.A because the worm violates the scanner’s “CheckUPX” rule: the worm is compressed using a UPX packer, which indicates that such an executable might be malicious.
Further information is available
About GFI MailSecurity for Exchange/SMTP
GFI MailSecurity for Exchange/SMTP is an email content checking, exploit detection, threats analysis and anti-virus solution that removes all types of email-borne threats before they can affect an organization’s email users. GFI MailSecurity’s key features include multiple virus engines, to guarantee higher detection rate and faster response to new viruses; email content and attachment checking, to quarantine dangerous attachments and content; an exploit shield, to protect against present and future viruses based on exploits (e.g., Nimda, Bugbear); an HTML threats engine, to disable HTML scripts; a Trojan & Executable Scanner, to detect malicious executables; and more. Further information and a full evaluation version are available at http://www.gfi.com/mailsecurity/.
GFI is a leading provider of Windows-based network security, content security and messaging software. Key products include the GFI FAXmaker fax connector for Exchange and fax server for networks; GFI MailSecurity email content/exploit checking and anti-virus software; GFI MailEssentials server-based anti-spam software; GFI LANguard Network Security Scanner (N.S.S.) security scanning and patch management software; GFI Network Server Monitor that automatically sends alerts, and corrects network and server issues; and GFI LANguard Security Event Log Monitor (S.E.L.M.) that performs event log based intrusion detection and network-wide event log management. Clients include Microsoft, Telstra, Time Warner Cable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS, and the USAF. GFI has offices in the US, the UK, Germany, Cyprus, Romania, Australia and Malta, and operates through a worldwide network of distributors. GFI is a Microsoft Gold Certified Partner and has won the Microsoft Fusion (GEM) Packaged Application Partner of the Year award.