Genotype technology defends against Mytob mass attack, Sophos reports on multitude of worms

April 11, 2005 Sophos Press Release

Sophos products include Genotype technology to proactively defend against new threats

Experts at SophosLabs™, Sophos's global network of virus and spam analysis centres, have successfully defended customers against multiple attacks by new versions of the Mytob worm this weekend, using proactive technology.

The author of the Mytob worms appears to have deliberately waited until the weekend before releasing five new versions: W32/Mytob-X, W32/Mytob-Y, W32/Mytob-Z, W32/Mytob-AA, and W32/Mytob-AB. Sophos's proactive Genotype™ technology was capable of detecting all five as new versions of the Mytob worm (naming them W32/MyDoom-Gen), defending customers' computers without requiring an update.

The Mytob worms spread via email, planting a backdoor Trojan horse which can be used by remote hackers to gain access to and control over a victim's computer. The computer can then be spied upon (to steal confidential information), or used to send spam or launch denial of service attacks.

Genotype™ detection technology uses forensic analysis to identify suspicious patterns and characteristics that are unique to either a virus family or a spam campaign. By analyzing these Genotype patterns, Sophos reduces exposure to new unidentified threats and unwanted content.

"Hundreds of new virus threats, many with a number of variants, emerge each month. Sophos's unique Genotype technology helps protect businesses worldwide against new attacks - even before they have been seen by anti-virus experts," said Graham Cluley, senior technology consultant for Sophos. "All companies should consider combining traditional anti-virus protection with proactive Genotype detection, as well as investigating putting an email security policy in place at their gateways. Millions of Sophos customers are already benefiting from this high level of protection."

Sophos's Genotype technology also protected users against a new version of the MyDoom worm, W32/MyDoom-AJ, which emerged this weekend.