Adapt or die

2005-07-01

Matt Peachy

IronPort Systems
Editor: Helen Martin

Abstract

With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.


William Caxton introduced the printing press to England in the Middle Ages for the sole purpose of circulating literature to the masses, but it didn't take long before society began abusing this medium and using it to generate negative material. With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.

First used as a tool by academics to carry out research and communicate with peers, the Internet is now used by spammers and virus writers to create havoc and cause chaos. According to Ferris Research, 70 per cent of all email traffic is now spam.

As users have deployed IT security defences to safeguard themselves from junk mail, spammers have upped their game and developed more sophisticated techniques to get around these barriers.

Just a few years ago, virus writers and spammers were two distinct groups with distinct agendas. In recent years, however, the two groups have come together as spammers have turned to the more technically adept virus writers for help. Spammers started paying virus writers to write viruses that would leave behind zombie machines - which could then be used to send spam so that the messages appear to come from a legitimate server.

Note

For a different take on the idea that spammers are converging with virus writers, see p.8 - Ed

IronPort's SenderBase Network monitors global email traffic patterns and determined that at the beginning of 2004, less than 30 per cent of spam was coming from infected zombie PCs, but by the end of 2004 this figure had jumped to more than 70 per cent.

This year will see more potent viruses appear that are designed to deliver more zombies to send ever more spam. In addition, we are seeing an increase in online fraud or phishing. Last year, analyst firm Gartner estimated that 57 million Americans received phishing emails and that two million US adults gave sensitive information to phishers.

Note

See p.6 for an in-depth look at the threats to online banking - Ed

I believe that it will get better though. As government enforcers pursue legal remedies, the industry has been hard at work creating a new generation of filtering technologies designed to identify and discard spam before it gets into the recipient's inbox.

Effective systems will contain a blacklist or database of known spammer addresses which can be used to cross-check messages at the gateway server. Likewise, a whitelist detailing known or trusted senders can be used to ensure that legitimate emails get through. Authentication has been dubbed the new white hope of email security and we will see a growing demand for it due to the increasingly sophisticated means by which spammers attempt to hide their identity.

The industry is also starting to look at things like reputation, introducing filters which proactively control and quarantine traffic from suspicious or unknown senders. Such appliances perform a threat assessment of inbound and outbound messages using a threat scale scoring system. When the score is elevated, all mail is filtered and suspicious messages are quarantined until updated signatures are in place.

It is crucial that companies don't rely entirely on signature-based filters, because they can potentially leave a gap in the action that needs to be taken. It's all about pre-patch management: using a system that can monitor global activity to detect an early-stage outbreak and change filtering policy automatically to prevent viruses getting onto the network.
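The gateway behaviour described in the three paragraphs above, sketched as an added example that is not part of the original article and is not any vendor's code. The addresses, the 1-5 threat scale, the "elevated" threshold and the attachment-name heuristic are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data (documentation address ranges), not real indicators.
BLACKLIST = {"203.0.113.7"}      # known spammer addresses
WHITELIST = {"198.51.100.10"}    # known or trusted senders
ELEVATED = 3                     # assumed threshold on an assumed 1-5 threat scale
RISKY_EXTENSIONS = (".zip", ".scr", ".pif", ".exe")  # assumed "suspicious" heuristic

@dataclass
class Message:
    sender_ip: str
    attachment: str = ""         # attachment file name, empty if none

@dataclass
class Gateway:
    threat_level: int = 1        # would be fed by global traffic monitoring
    signature_version: int = 100
    quarantine: list = field(default_factory=list)

    def is_suspicious(self, msg):
        return msg.attachment.lower().endswith(RISKY_EXTENSIONS)

    def handle(self, msg):
        if msg.sender_ip in BLACKLIST:
            return "reject"
        # Elevated score: all mail is filtered, whitelisted senders included
        # (a design choice of this sketch), and suspicious mail is held.
        if self.threat_level >= ELEVATED and self.is_suspicious(msg):
            self.quarantine.append((msg, self.signature_version))
            return "quarantine"
        if msg.sender_ip in WHITELIST:
            return "deliver"
        return "content-filter"  # unknown sender: normal spam/virus scanning

    def signatures_updated(self, new_version, scan):
        """Re-scan held mail once updated signatures are in place.

        `scan` is a caller-supplied function returning True for infected mail.
        """
        self.signature_version = new_version
        released, dropped = [], []
        for msg, _held_at in self.quarantine:
            (dropped if scan(msg) else released).append(msg)
        self.quarantine.clear()
        return released, dropped
```

The point of the quarantine step is that a message held before a signature exists is judged by the newer signature set, not the one that was current when it arrived.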

The Internet is not the first life-changing invention to be exploited by humans for personal gain, and it certainly won't be the last. What is important is that companies are ready for what spammers and virus writers throw at them. Without the right technology in place, it will be one bumpy ride.
