Training page

Securitybench offers more training on subjects like reading spam email headers and using spyware scanners and antivirus software. Please visit more often as we will be adding more content and video to our pages.


The virus map

Panda Software introduces a virus map of the world that keeps track of the spread of viruses. The map is intended to educate users about how viruses spread throughout the world. Panda is a leader in antivirus software.

Panda Virus Maps
Panda has different types of virus maps that show the percentage of infected computers in different situations.

  • Virus Infection Map: gives live graphic coverage of the percentage of computers infected by viruses in a geographic zone. This map includes Alert Mode, which complements the Virus Infection Map during alerts, as it allows you to view how the threat causing the alert spreads, from the moment it appears until the alert is lifted.

What information is included in the Panda Virus Infection Map?
In addition to the percentage of computers infected by viruses, or the combination of viruses in a geographic zone (worldwide, continent or country), the Virus Infection Map provides the following information:

  • Top viruses: list of the most active viruses in a region.
  • Top countries: list of the areas most-affected by a single virus.
  • Proliferation of infections graph: displays the development of PCs infected by a virus or all viruses, in each area from the last 24 hours to the past 12 months.

Color codes used in the Map.
The Virus Infection Map uses the following color code:

COLOR DESCRIPTION

Indicates that there is a Severe Risk of infections.
Indicates a High Risk of infections.
Means there is a Moderate Risk of infections.
Means Low Risk of infections.

Top viruses.
A list of the most active viruses in a geographic zone. Next to the name of each virus, the percentage of PCs infected in each zone is displayed. The list is arranged from highest to lowest by the number of infected PCs.

Top countries.
If you select a specific virus in the Infections by option, the heading changes from Top viruses to Top countries. This is a list of the countries most affected by the selected virus. Next to each country, the percentage of PCs infected by the virus is displayed. The list is arranged from highest to lowest by the number of PCs infected.

Proliferation of infections graph.
Similar to graphs used to depict activity on the stock market, these graphs indicate the change in the percentage of PCs infected by a single virus or by all viruses in the selected region of the map, over a period of time ranging from the past 24 hours to the past 12 months. This makes it possible to know if a certain virus is spreading or if its impact is decreasing. This information can be particularly useful during epidemics, when the spread of a particular virus can vary greatly.

Reading Spam email headers

Depending on which mail program you are using, there is a way to track down spammers and the spam sender's address by reading the complete header, which is usually hidden from view until you open the email options within the message itself.

For example, if you are using Outlook and have opened a suspicious spam message and want to find out more, click View, go to Options, and look at Internet headers at the bottom of the options page. This is where you can find information on who sent the message and where it came from. A word of caution, though: most spam messages contain fake addresses intended to fool you about who sent the message and where it was sent from. An example header looks like this:

(These are fictitious mail names, and the IP addresses are masked with xx.xx to simulate an IP address.)

Return-Path: <Blank@toprotectinnocent.com>
Received: from the lamestmail (lamestmail.com [216.174.xx.xx]) – – –
    by worst.lamestmail.com (7.12.9/3.12.9) with ESMTP id iA7J84p7014538 for ; Sun, 7 Nov 2004 11:08:04 -0800 (PST)
Received: from [127.0.0.1] (000dbc101be8.lamestmail.com [161.191.xx.xx])
    by lamest-mail.com (8.32.8/8.122.8) with ESMTP id 123M0tCm033132 for ; Sun, 7 Nov 2004 14:00:20 -0800 (PST)

Normally, we read the header from the bottom up, following the message through the different mail locations it passed: each mail server adds its own “Received” line above the ones already there, so the lowest line is the earliest hop. Notice the “Received” from lamestmail.com and the IP address 161.191.xx.xx. This is where we would start a “whois” or a traceroute to find out who sent the spam mail and who Mr. “Blank” is.
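As an added example (not part of the original page), this Python code reads the “Received” lines bottom-up as described above, separates the name the sender claimed from the IP address the receiving server recorded, and picks the one address worth a whois lookup: the one logged by a server you trust. The hostnames, documentation-range IP addresses and the `.mycompany.example` trusted suffix are constructed assumptions; the two timestamps are kept from the sample above, where the earlier hop is stamped later than the hop after it.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: made-up hostnames, documentation-range IPs (RFC 5737).
SAMPLE = """\
Return-Path: <blank@spam.example>
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.mycompany.example with ESMTP id A1 for <me@mycompany.example>;
\tSun, 7 Nov 2004 11:08:04 -0800 (PST)
Received: from [127.0.0.1] (dsl-host.isp.example [203.0.113.45])
\tby relay.isp.example with ESMTP id B2 for <me@mycompany.example>;
\tSun, 7 Nov 2004 14:00:20 -0800 (PST)
Subject: constructed test message
"""

# "from <name claimed by sender> (<reverse DNS> [<IP seen by receiver>]) ... by <receiver>"
HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                    r"\[(?P<ip>[^\]]+)\]\).*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Return hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        m = HOP_RE.search(value)
        if m and ";" in value:  # skip hops we cannot parse rather than guess
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            hops.append({**m.groupdict(), "time": when})
    return hops

def boundary_ip(hops, trusted_suffix):
    """IP recorded by the outermost server we trust; older lines may be forged."""
    ip = None
    for hop in reversed(hops):  # newest first
        if not hop["by"].endswith(trusted_suffix):
            break
        ip = hop["ip"]
    return ip

def backwards_hops(hops):
    """Receivers stamped earlier than the hop before them (forgery or clock skew)."""
    return [b["by"] for a, b in zip(hops, hops[1:]) if b["time"] < a["time"]]

if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for h in hops:
        print(h["time"].isoformat(), h["ip"], "helo=" + h["helo"], "->", h["by"])
    print("look up:", boundary_ip(hops, ".mycompany.example"),
          "| time runs backwards at:", backwards_hops(hops))
```

Lines below the trusted boundary are supplied by the sending side, so treat the addresses in them as leads to verify rather than as facts.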
