
Computer Virus / Unauthorized Computer Access Incident Report [Summary]

August 12, 2004

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

Your Computer Is Being Exploited, Isn't It?

This is a summary of the Computer Virus / Unauthorized Computer Access Incident Reports for July 2004, compiled by IPA.

I. Computer Virus Incident Reports

The number of virus reports for July is 4,832, falling below 5,000 for the first time in three months, after 5,422 in June and 5,439 in May.

Of these, 1,591 were for W32/Netsky, down from 1,875 in June but still a very large share. W32/Bagle followed with 532 reports and W32/Lovgate with 317.

1. W32/Mydoom Variant Emerged!!

On July 26, a new variant of W32/Mydoom emerged. The virus arrives as an e-mail attachment. It uses subjects such as “test” and “error”, and it also masquerades as a delivery-failure notification with subjects such as “Returned mail: see transcript for details” or “Mail System Error – Returned Mail”.

[Image: screen image of a W32/Mydoom variant's mail]
Example: Screen image of a W32/Mydoom variant's mail

If you receive a suspicious e-mail like the one shown above, do not open the attachment; delete the mail itself to protect your computer from this new variant.
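As an added example (not part of the IPA report), the following Python script applies the report's description mechanically: it parses a raw message with the standard library's email parser, normalises the subject, and flags the combination of a bounce-style lure subject with an attachment whose extension can carry executable code. The lure subjects are the ones quoted above; the attachment extensions, the filename “transcript.zip” and both sample messages are constructed assumptions for illustration, since the report does not name the attachment.

```python
"""Flag mail matching the W32/Mydoom-variant lure described in the report.

Added example, not from the original page. Subjects come from the report;
the risky extensions and the sample messages below are constructed.
"""
import re
from email import message_from_string
from email.message import Message

# Subjects the report attributes to the Mydoom variant (fake bounce notices),
# lower-cased and with the en dash normalised to a hyphen.
LURE_SUBJECTS = {
    "test",
    "error",
    "returned mail: see transcript for details",
    "mail system error - returned mail",
}

# Assumption: extensions mass-mailers of this era used to deliver executables.
RISKY_EXTENSIONS = re.compile(r"\.(exe|scr|pif|com|bat|cmd|zip)$", re.IGNORECASE)


def risky_attachments(msg: Message) -> list[str]:
    """Return attachment filenames whose extension can carry executable code."""
    names = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, not an attachment
        name = part.get_filename()
        if name and RISKY_EXTENSIONS.search(name):
            names.append(name)
    return names


def normalise_subject(subject: str) -> str:
    """Lower-case, collapse whitespace and map the en dash to a plain hyphen."""
    subject = subject.replace("\u2013", "-").lower()
    return " ".join(subject.split())


def looks_like_mydoom_lure(raw_message: str) -> tuple[bool, str]:
    """Return (is_lure, reason) for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    subject = normalise_subject(msg.get("Subject") or "")
    attachments = risky_attachments(msg)
    if subject in LURE_SUBJECTS and attachments:
        return True, f"bounce-style subject {subject!r} with risky attachment {attachments}"
    if attachments:
        return False, f"risky attachment {attachments} but subject is not a known lure"
    return False, "no risky attachment"


# Constructed sample: fake bounce carrying a zip attachment (body is a stub, not real data).
SAMPLE_LURE = """\
From: postmaster@example.net
To: user@example.com
Subject: Returned mail: see transcript for details
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

The original message was included as an attachment.
--B1
Content-Type: application/octet-stream; name="transcript.zip"
Content-Disposition: attachment; filename="transcript.zip"

UEsDBBQA
--B1--
"""

# Constructed sample: ordinary plain-text mail with no attachment.
SAMPLE_BENIGN = """\
From: colleague@example.com
To: user@example.com
Subject: Meeting tomorrow
Content-Type: text/plain

See you at 10:00.
"""

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, looks_like_mydoom_lure(raw))
```

The subject match alone is deliberately not enough to flag a message: real bounce notices use the same wording, so the check requires the lure subject together with an attachment that could be executed.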

What if your computer is infected?

i) Remove the virus from your computer

A free removal tool for W32/Mydoom is available to remove the virus from your computer.

ii) Confirm that the virus has been completely removed

Use anti-virus software with up-to-date virus definitions to check whether W32/Mydoom remains. If the anti-virus software detects nothing after a full scan, the virus has been completely removed.

2. W32/Netsky Still Accounts for a High Ratio!!

Here at IPA, when aggregating reported virus counts, a virus and its variants reported by the same filer on the same day are counted as 1 case, regardless of how many copies were found.

The 4,832 reports in July (June: 5,422) were the outcome of aggregating a total of about 3,541,000 reported virus detections (June: 3,334,000). The following graphs show the gross number of virus detections and the number of detections per virus, respectively.

[Graph: gross number of virus detections]

[Graph: number of detections per virus]
(In both graphs, the numbers in parentheses are the figures for June.)

W32/Netsky accounted for 85.7% of total detections. Compared with other viruses, W32/Netsky is still spreading overwhelmingly, and continued vigilance against it remains necessary.

II. Status for Reported Unauthorized Computer Access

The number of unauthorized-access reports in July is 45, down from 52 in June. On the other hand, the number of reports involving actual damage is 8, up from 4 in June. The breakdown is 4 intrusions, 3 cases of spoofed mail addresses and 1 other (a spoofed ID).

Be Sure to Have Sufficient Countermeasures Against Web Alteration in Place!!

In July, we received 2 damage reports concerning Web tampering. As you know, however, damage from Web alteration occurs every day, everywhere around the globe.

Even when patches for the OS and the Web server software (IIS, Apache, etc.) have been applied, damage can still result from vulnerabilities in CGI programs or scripting languages. Needless to say, do not use CGI programs unnecessarily, and confirm that the latest versions of the CGI programs and script language interpreters are installed on your server. In addition, the preventive measures described below should be taken.

  • Disable unused or unnecessary services;
  • Limit access to the directories where page-content files are stored;
  • Block unused or unnecessary ports and protocols with a router or firewall;
  • Set adequate passwords.
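The second measure, limiting access to the page-content files, is easiest to keep honest with a routine check. The following Python script is an added example (not from the IPA report) that builds a SHA-256 baseline of a content directory, reports files that were modified, added or removed since the baseline, and lists anything under the directory that is writable by every user on the host. Directory layout, file names and the simulated defacement in the demo are constructed assumptions for illustration.

```python
"""Baseline-and-compare integrity check for a Web content directory.

Added example, not part of the original report. The demo builds a
constructed content tree in a temporary directory, takes a baseline,
then simulates an alteration so the comparison has something to find.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map each regular file under root (relative POSIX path) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = file_digest(p)
    return baseline


def compare(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Diff the current tree against a stored baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def world_writable(root: Path) -> list[str]:
    """Files and directories under root that any local user could alter."""
    hits = []
    for p in root.rglob("*"):
        if p.stat().st_mode & stat.S_IWOTH:
            hits.append(p.relative_to(root).as_posix())
    return sorted(hits)


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline, then a defacement, a dropped file and a loose directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "cgi-bin").mkdir()
        (root / "cgi-bin" / "guestbook.cgi").write_text("#!/usr/bin/perl\n")
        baseline = build_baseline(root)

        # Simulated alteration after the baseline was taken (constructed, not real data).
        (root / "index.html").write_text("<h1>Defaced</h1>\n")
        (root / "dropped.php").write_text("<!-- constructed: file left behind by an intruder -->\n")
        os.chmod(root / "cgi-bin", 0o777)  # directory left writable by everyone

        report = compare(root, baseline)
        report["world_writable"] = world_writable(root)
        return report


if __name__ == "__main__":
    for key, entries in demo().items():
        print(f"{key}: {entries}")
```

In practice the baseline dictionary would be written out (for example as JSON) to a location the Web server account cannot modify, and the comparison run from cron; a baseline that lives inside the content directory can be rewritten by the same intruder who altered the pages.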

III. Reminder for this Month: “Your Computer Is Being Exploited, Isn't It?”

1. Your Private Information May Be Used Fraudulently Without You Realizing It

W32/Netsky and W32/Mydoom not only send virus mails to spread themselves, but also have characteristics such as:

  • Creating a backdoor through which the infected computer can be accessed from outside;
  • Performing DoS (Denial of Service) attacks against Web sites.

If you are unaware of such an infection, an attacker may enter through the backdoor to delete data or steal your private information. In addition, when an infected computer takes part in a DoS attack against a Web site, it sends large volumes of traffic onto the Internet, which can make your own connections slow or bring the computer itself to a halt.

As a member of the Internet user community, having the necessary virus countermeasures in place is the minimum courtesy expected of you. We strongly recommend that you review the virus countermeasures applied to your computer once more.

2. In Preparation for the Long Vacation Period...

During the summer vacation period, system administrators are likely to be absent from work. Think back to the trouble caused by W32/MSBlaster and W32/Welchia last year: once damage such as a virus infection, Web alteration or unauthorized mail relaying occurs, it is likely to spread further while you are away from the office.

Especially nowadays, when critical security holes are being discovered one after another, prepare thoroughly: take the necessary countermeasures and reconfirm your routine security measures by referring to the countermeasure information at the URL below.

When the vacation ends, have your staff check the computers they took home for virus infection before connecting them to the internal network, so that no viruses are carried into the internal system.

The details are as follows:

Contact

IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel:+81- 3-5978-7527
Fax:+81- 3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.