Barracuda Networks Inc., the worldwide leader in email and Web security appliances, announced that Barracuda Central, its 24x7 security operations center, began immediately blocking a malicious "backdoor" virus distributed via a socially engineered email purportedly from Microsoft earlier today. Barracuda Networks was one of the first vendors to profile the malware and quickly categorized it in the Barracuda Real-Time Protection system to block the virus in incoming and outbound emails on all Barracuda Spam Firewalls worldwide with Barracuda Real-Time Protection enabled.

The virus, categorized by Barracuda Central as "Trojan.Backdoor.Haxdoor," is delivered as an attachment to an email allegedly from the Microsoft Security Assurance team and utilizes several innovative social engineering techniques, such as using Microsoft KnowledgeBase naming conventions for the file attachment, as well as the inclusion of a PGP signature block at the bottom of the email message. The email informs the recipient that "Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista."

Further, the fake email "strongly" recommends that the recipient install a "update" to "protect your computer against security threats and performance problems." Once installed, Barracuda Central determined that the malware "phones home," and leaves an outbound TCP connection open presumably to await further instructions.

"The leverage of the Microsoft name, the inclusion of an apparent PGP signature block - frequently used by security professionals - and the routine nature in which users are accustomed to applying software updates make for a dangerous and potentially effective combination of social engineering techniques in this particular attack," said Stephen Pao, vice president of product management for Barracuda Networks. "Unsuspecting users without the proper virus protections in place, could mistakenly install the malware. Based on the volume of real-time blocks reported by the Barracuda Real-Time Protection system in the outbreak's early stages, we know the attack hit a significant global footprint."

In addition, Barracuda Central categorized this malware in its anti-spyware protocol definitions to block all "phone home" activity across all Barracuda Web Filters worldwide, preventing the attack from affecting corporate networks even when users with previously infected laptops connect to the network.

For email not protected by Barracuda Spam Firewalls, such as personal email, the Barracuda Web Filter can block the virus in Web downloads when behind Barracuda Web Filters.