NEW CGI Directory

Home Press Releases MX Logic Reports Spam Accounts ...

Press Releases by

MX Logic Reports Spam Accounts for 61 Percent of Email in April

'Malcryption' and Ransomware Emerge as Threats; 'Usual Suspects' Dominate Month's Top Email Worms

May 5, 2006; 06:16 AM
DENVER - MX Logic Inc., a provider of innovative, easy-to-use email defense solutions for businesses of all sizes, released its latest data on email security. Key among the company's findings is that spam accounted for an average of 61 percent of all email through the MX Logic(R) Threat Center in April.

This compares to 56 percent in March 2006 and 70 percent in April 2005. The highest daily spam volume during April 2006 occurred on Saturday, April 15, when spam accounted for 84 percent of all email filtered by MX Logic.

The company also reported that, on average, 0.5 percent of all unsolicited commercial email it filtered in April 2006 complied with The Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act -- the federal anti-spam law. This compares with 0.6 percent compliance in March 2006 and 4 percent compliance in April 2005.

Top Email Viruses and Worms in April

In addition to data on spam, MX Logic reported that the top five email worms in April were:

1. Mytob (the MX Logic Threat Center saw 125 variants in April)

2. Lebreat

3. Nyxem.D (a.k.a. Kama Sutra)


5. Lovgate.AD

"Many of these worms or their variants have been around for months," Chasin said. "They continue to proliferate, long after the initial outbreak, partly because end users continue to fall victim to the social engineering tactics used by worm authors."

Emerging Trends: "Malcryption" and Ransomware

MX Logic also reported the increased use of encryption as a tool to make it more difficult to detect networks of zombie PCs and phishing sites and enable the hijacking of informational assets from personal computers and business networks.

"Spammers, malware authors and others play a perpetual cat-and-mouse game, subverting the legitimate use of technology, like encryption, to initiate stealthier, more sophisticated attacks," Chasin said.

One emerging trend is "malcryption," which is the adoption of encryption technology by malware authors to hide their communication and bypass sophisticated content filtering technologies.

"Malware authors have already used encryption to increase the stealth of their attacks and decrease the chance of detection," Chasin said. "Encryption is being used to seed the Internet with zombie PCs and to cloak the command-and-control communications sent by malware authors to zombie PCs over Internet Relay Chat (IRC). It is also being used in peer-to-peer networks, like instant messaging, meaning there is no central command-and-control."

On April 30, the SANS Internet Storm Center reported that a bot network created by the [email protected] worm is leveraging encrypted peer-to-peer networks to communicate with other infected PCs -- unlike most bot networks, which send communications to compromised PCs through static central command-and-control host PCs. The Nugache worm propagates through email, network shares and instant messaging networks. The worm uses AOL Instant Messenger to send out URLs that host malicious code. Once users click on the URL, their PCs become infected.

Encryption is also being used in ransomware attacks, in which malware authors infect a PC with malicious code, encrypt proprietary information and then hold it for ransom. On March 12, a Trojan known as Troj/Zippo A (aka Cryzip) emerged. The Trojan creates password-protected ZIP files on the infected computer and then demands a $300 ransom for their decryption. On April 26, the Troj/Ransom-A emerged. Once activated, the trojan displays pornographic images and a message claming it will delete one file every 30 minutes until the user pays a ransom of $10.99 via Western Union.

"The emergence of ransomware is a disturbing trend," Chasin said. "While these types of threats are not yet a common occurrence, users should take precautions to protect themselves."

MX Logic urges users to:

-- Update anti-virus engines frequently and scan their PCs for infection

-- For businesses, deploy a solution that provides multi-layered protection, including zero-hour threat protection (protection from threats that appear before an anti-virus signature is developed to detect them)

-- Avoid opening suspicious messages, even messages that appear to be from a known sender

-- Never open the attachment in a suspicious message

-- Back up important computer files so that if their PC does become compromised, they can retrieve files

Monitoring billions of messages per month for over 8,300 organizations worldwide, the MX Logic Threat Center combines advanced, accurate and up-to-the-minute email defense technology and human-messaging expertise to protect MX Logic customers from spam, viruses, worms, phishing attacks and other email threats.

About MX Logic

MX Logic Inc. provides innovative, easy-to-use email defense solutions to businesses of all sizes. Processing billions of messages each month for over 8,300 organizations worldwide, MX Logic distributes its email security and protection solutions directly and through an extensive partner network. For more information, visit

MX Logic Inc.
Sheila O'Neill, 303-324-7310
[email protected]
GroundFloor Media
Jennifer Jansky, 303-722-9552
[email protected]



Related Resources

Other Resources