
Computer Virus / Unauthorized Computer Access Incident Report [Summary]

September 16, 2004

IT Security Center
Information-technology Promotion Agency, Japan (IPA)

Viruses That Spoof the Sender's Address Are Spreading!!

This is a summary of the Computer Virus / Unauthorized Computer Access Incident Reports for August 2004, compiled by IPA.

I. Computer Virus Incident Reports

The number of reports for August was 5,091, exceeding 5,000 cases again, following 5,439 in May and 5,422 in June.

W32/Netsky accounted for 1,431 reports, the worst (No. 1) ranking in the past 6 months. W32/Bagle followed with 502 reports, and then W32/Mydoom, for which new variants emerged, with 496.

1. Viruses That Spoof the Sender's Address Are Spreading!!

Quite a few consultations are currently being reported along the lines of “I received a delivery error message for mail I never sent” or “I received an alert message about virus detection”. One cause of these symptoms is the spread of viruses that spoof the sender's address (the 10 worst-ranked viruses in August all spoof the sender's address). The mail sent out by such a virus is likely to result in messages reaching you through the following process.

  • An infected PC sends out virus mail in large quantities with a spoofed “From” address. The addresses used for From and To are collected from the address books on infected computers.
  • A mail server that receives the virus mail sends a virus alert message or a delivery error message to your “From” address.
  • Because your address was used as the “From” address of the virus mail, you consequently receive the error message or alert message.

[Figure: Mechanism of a virus spoofing the sender's address]

When you use e-mail, you may receive error or alert messages that you do not recognize. If you receive such messages, do not panic; be sure to check whether your computer is infected by using anti-virus software. If no virus is detected on your computer, you can simply delete the unnecessary mail, as there is no problem. If your computer is infected by viruses, remove them immediately.
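The check below is an added example, not part of the IPA report: it reads the original mail returned inside a delivery error message and tests whether that mail ever passed through your own mail server, which mail sent directly from an infected third-party PC does not. The host name `mail.example.jp`, the sample bounces and the function names are constructed assumptions.

```python
import email
from email import policy

OWN_MAIL_HOSTS = {"mail.example.jp"}  # assumption: servers you really send through

# Constructed bounce, not real traffic; {hop} fills the returned mail's Received line.
BOUNCE_TEMPLATE = """\
From: MAILER-DAEMON@mx.example.net
To: user@example.jp
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The attached message could not be delivered.
--b1
Content-Type: message/rfc822

Received: from {hop} by mx.example.net; Mon, 16 Aug 2004 10:00:00 +0900
From: user@example.jp
Subject: document

--b1--
"""
SPOOFED = BOUNCE_TEMPLATE.format(hop="pc7.example.org ([203.0.113.7])")
GENUINE = BOUNCE_TEMPLATE.format(hop="mail.example.jp ([192.0.2.25])")
NO_ORIGINAL = "From: MAILER-DAEMON@mx.example.net\nSubject: failure\n\nUser unknown\n"

def returned_message(bounce_text):
    """Return the original mail (or its headers) embedded in a bounce, else None."""
    bounce = email.message_from_string(bounce_text, policy=policy.default)
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":     # headers-only variant
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(bounce_text, own_hosts=OWN_MAIL_HOSTS):
    """Return 'ours', 'spoofed', or 'unknown' (no returned headers to judge by)."""
    original = returned_message(bounce_text)
    hops = original.get_all("Received", []) if original is not None else []
    if not hops:
        return "unknown"
    if any(host in str(hop).lower() for hop in hops for host in own_hosts):
        return "ours"      # the mail passed through a server we send from
    return "spoofed"       # it never touched our server: our address was forged
print([classify_bounce(b) for b in (SPOOFED, GENUINE, NO_ORIGINAL)])
```

Received lines can themselves be forged, so the result is a triage hint to use alongside the anti-virus scan, not a replacement for it.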

For further details, please refer to the following site.

2. Virus Mail Continues to Spread!!

At IPA, when reported virus counts are aggregated, viruses of the same kind and their variants reported on the same day are counted as 1 case, no matter how many are found by the same filer on that day.

The 5,091 reports in August (July: 4,832) are the result of aggregating a total of about 3,273,000 reported virus detections (July: 3,541,000). The following graphs show the gross number of virus detections and the virus detection numbers per virus, respectively.

[Graph: Virus Gross Number]
[Graph: Virus Reported Number]

(In both graphs above, the numbers in parentheses are the numbers reported in July.)

The shares taken by W32/Zafi and W32/Mydoom increased, but W32/Netsky still accounts for 79.0% of total detections. Since these viruses reach you as e-mail attachments, you need to remain cautious when handling e-mail attachments.

II. Status of Reported Unauthorized Computer Access

The number of reports in August was 60, an increase of about 33.3% compared with 45 in July. The number of damage reports was 11, also an increase compared with 8 in July. The breakdown is 8 for intrusion, 2 for spoofing of mail addresses and 1 for other (download damage by unauthorized computer access).

Self-Protection and Self-Responsibility Are Mandatory When Connecting to the Internet!!

Of the 11 damage reports in August, 8 came from individual users, the largest number for the year. With the spread of the Internet, not only corporations but also individual users are now targets of unauthorized computer access. It is therefore mandatory to take countermeasures in advance, and it is also necessary to take adequate measures when you suffer damage.

Preventive measures to take:
  • Set up and manage IDs/passwords adequately;
  • Obtain security information and eliminate security holes in the OS, etc. (run Windows Update, etc. regularly);
  • Install a personal firewall and anti-virus software and use them actively;
  • When the computer or the Internet is not in use, remember to shut off the power or the connection, respectively;
  • Check the settings for file sharing and the browser;
  • When a router or wireless LAN is used, confirm that it is adequately set up;
  • Do not carelessly click on untrustworthy home pages or URLs attached to e-mails.

If your computer is damaged:

Carry out recovery with the following procedure:
  • Disconnect from the Internet immediately;
  • Back up the minimum necessary files that you created yourself (text, image, sound, etc.);
  • Initialize the computer and reinstall everything from the OS up (reset to default status);
  • Install a personal firewall or anti-virus software;
  • Connect to the Internet to update the OS, personal firewall software or anti-virus software;
  • If necessary, change the passwords, etc. used for connecting to your provider and for sending/receiving e-mail;
  • Restore data from the backup files when necessary.

For further details, please refer to the following site:

III. Reminder for this Month: “Aren't You Overconfident in Anti-Virus Software?”

There Are No Cure-all Medicines for Your Computer

Using anti-virus software is a very effective virus countermeasure. However, currently available detection tools based on pattern matching [1] have a certain lead time: they cannot detect a newly emerged virus until information about it has been added to the definition files.

[1]   Pattern Matching Method = a detection method that determines whether a file is infected by a virus by comparing the information registered in virus definition files with the files being examined.

In the case of the W32/Mydoom variant (Mydoom.S) that newly emerged on August 16, the virus definition file was not delivered in time, and in some cases attachment files were consequently opened.

Even if no virus is detected, your computer may be infected when you open attachment files. You have to realize that a virus will sometimes go undetected; therefore, observe the following items to avoid damage from infection:

  • Even if anti-virus software is installed, do not open doubtful attachment files, as a newly emerged virus is unlikely to be detected;
  • Do not open suspicious mail; delete it – it may be spam or virus mail;
  • Be cautious with unknown/unusual mail written in English – most virus mail delivered is written in English.
The details are as follows;

Contact

IT Security Center, Information-technology Promotion Agency (IPA/ISEC)
Tel: +81-3-5978-7527
Fax: +81-3-5978-7518
E-mail: Please feel free to call at +81-3-5978-7517.