IronPort Virus Outbreak Filters detect “Coca Cola Promotion” worm hours before major antivirus vendors

IronPort Systems, the leading email and web security products provider serving organizations ranging from small businesses to the Global 2000, has confirmed that its Virus Outbreak Filters (VOF) were able to detect a new worm capitalizing on the popularity of both the Coca Cola brand and the Holiday season last month. Codenamed “Coca Cola Promotion,” the outbreak was detected several hours ahead of major antivirus vendors by IronPort’s VOFs. Sent by cyber criminals with the subject ‘Coca Cola is proud to announce our new Christmas Promotion,’ the zip attachment displayed a harmless Christmas-themed picture when opened while secretly installing a mass-mailing worm and keylogger. The malicious code would connect to Whatismyip.com to acquire the host computers IP address and infiltrate multiple running processes. It would then launch a background instance of iexplore.exe to perform keystroke logging, which enabled it to illegally acquire personal, confidential and financial information. “Our Filters were able to initiate critical warnings and countermeasures against the Coca Cola Promotion worm hours before anti-virus signatures appeared from major vendors, thus proving that they are still the most effective first line of defense against increasingly growing internet threats such as worms, malware and viruses. IronPort VOFs have in fact provided immediate protection to millions of users against the huge number of virus and malware attacks identified going towards the end of 2008. Supported by our very own SenderBase, the world’s largest email and Web traffic monitoring network, the VOFs are capable of validating and containing attacks within minutes of their release,” said Ray Kafity, Regional Sales Manager – Middle East, North Africa and Pakistan, IronPort Systems. The worm replicated itself onto removable media such as USB drives and created an autorun.inf file that would be executed every time the device linked to another system. It also sent emails with copies of itself to addresses obtained from the compromised computer, and was able to propagate further by copying itself in the shared folders of peer-to-peer applications. IronPort’s Virus Outbreak Filters provide zero-day protection from malware, viruses, trojans and worms. The Filters leverage SenderBase data to identify when an exploit occurs and then protect users until the official patch is available and deployed. IronPort’s VOF was able to detect the last 20 outbreaks as much as 42 hours ahead of the public alerts or patch releases of leading anti-virus vendors. VOF performance compared to anti-virus response times can be viewed at http://www.ironport.com/toc/.