Adapt or die

2005-07-01

Matt Peachy

IronPort Systems
Editor: Helen Martin

Abstract

With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.


William Caxton introduced the printing press to England in the middle ages for the sole purpose of circulating literature to the masses, but it didn't take long before society began abusing this medium and using it to generate negative material. With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.

First used as a tool by academics to carry out research and communicate with peers, the Internet is now used by spammers and virus writers to create havoc and cause chaos. According to Ferris Research, 70 per cent of all email traffic is now spam.

As users have deployed IT security defences to safeguard themselves from junk mail, spammers have upped their game and developed more sophisticated techniques to get around these barriers.

Just a few years ago, virus writers and spammers were two distinct groups with distinct agendas. In recent years, however, the two groups have come together as spammers have turned to the more technically adept virus writers for help. Spammers started paying virus writers to write viruses that would leave behind zombie machines - which could then be used to send spam so that the messages appear to come from a legitimate server.

Note

For a different take on the idea that spammers are converging with virus writers, see p.8 - Ed

IronPort's SenderBase Network monitors global email traffic patterns and determined that at the beginning of 2004, less than 30 per cent of spam was coming from infected zombie PCs, but by the end of 2004 this figure had jumped to more than 70 per cent.

This year will see more potent viruses appear that are designed to deliver more zombies to send ever more spam. In addition, we are seeing an increase in online fraud or phishing. Last year, analyst firm Gartner estimated that 57 million Americans received phishing emails and that two million US adults gave sensitive information to phishers.

Note

See p.6 for an in-depth look at the threats to online banking - Ed

I believe that it will get better though. As government enforcers pursue legal remedies, the industry has been hard at work creating a new generation of filtering technologies designed to identify and discard spam before it gets into the recipient's inbox.

Effective systems will contain a blacklist or database of known spammer addresses which can be used to crosscheck messages at the gateway server. Likewise, a whitelist detailing known or trusted senders can be used to ensure that legitimate emails get through. Authentication has been coined the new white hope of email security and we will see a growing demand for it due to the increasingly sophisticated means by which spammers attempt to hide their identity.

The industry is also starting to look at things like reputation, introducing filters which control and quarantine traffic proactively from suspicious or unknown senders. Such appliances perform a threat assessment of inbound and outbound messages using a threat scale scoring system. When the score is elevated, all mail is filtered and suspicious messages are quarantined until updated signatures are in place.

It is crucial that companies don't rely entirely on signature-based filters because potentially they can create a gap in the action that needs to be taken. It's all about pre-patch management, using a system that can monitor global activity to detect an early stage outbreak and change filtering policy automatically to prevent viruses getting onto the network.

The Internet is not the first life-changing invention to be exploited by humans for personal gain, and it certainly won't be the last. What is important is that companies are ready for what spammers and virus writers throw at them. Without the right technology in place, it will be one bumpy ride.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.