Irish virus levels rise again as new threat emerges

1 Mar 2005

Virus levels in Irish emails increased by more than 50pc during February, reversing two months of decline, according to data published today by IE Internet. Viruses were found in 11.99pc of messages circulating in Ireland last month, a significant rise on the rate of 7.39pc in January.

As with January, variants of the Zafi worm were the two most frequently occurring infections last month. However, their spread was greater in January as they were responsible for 70pc of the total number of infected mails. In February their influence was somewhat reduced; Zafi.D was found in 41.12pc of infected emails and Zafi.B occurred in 21.16pc of cases.

Interestingly, a HTML exploit called IFrame@expl was in fourth place with 7.19pc of attacks. IFrame takes advantage of a vulnerability in Microsoft’s Internet Explorer that allows a malicious HTML document such as an email message to execute automatically when it is viewed through the browser. It also affects Microsoft Outlook and Outlook Express, which share similar code for previewing HTML formatted messages.

According to Ken O’Driscoll, technical manager with IE Internet, the IFrame exploit was incorporated in around 20pc of the Netsky.P virus. This helps the virus to spread as users don’t even have to click on the attachment to launch the virus – it could be spread simply by opening the infected message in Outlook’s preview pane.

“This is the first time in memory that a specific HTML exploit has come up so prevalently, normally they only occur in ones and twos,” he said. Its presence in large numbers is worrying, he added, because of how it can be used. “It’s a delivery mechanism for other viruses,” he warned.

O’Driscoll pointed out that the vulnerability in Internet Explorer that IFrame exploits was identified almost four years ago, which means its presence suggests that large numbers of home users still have unsecured systems. “This is an education issue that doesn’t seem to be reaching some people,” he said.

IE Internet also released figures, which showed the incidence of spam rose slightly to 38.1pc last month, a marginal increase from the level of 36.68pc recorded in January. Data from other sources suggests that spam is a greater problem elsewhere; nonetheless it still means that on average, almost two out of every five emails that Irish users received last month was unsolicited.

As ever, the US is the largest single source of unsolicited commercial email, although South Korea is gaining ground and now accounts for 17.85pc of emails sent to Ireland. Broadband is widely available there and many users are online without having taken adequate steps to protect their machines. “I’d imagine that that’s a whole load of open relays [home computers, which have been hijacked by spammers to send large volumes of email],” said O’Driscoll. He suggested that recent anti-spam test cases in the US, which have seen strict jail sentences handed out, will have the effect of driving spammers to other countries.

Since IE Internet began its tracking service in October 2003, the amount of spam in Ireland has climbed steadily from 14.08pc – a rise of more than 150pc in less than 18 months.

By Gordon Smith