Adapt or die

2005-07-01

Matt Peachy

IronPort Systems
Editor: Helen Martin

Abstract

With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.


William Caxton introduced the printing press to England in the middle ages for the sole purpose of circulating literature to the masses, but it didn't take long before society began abusing this medium and using it to generate negative material. With any great invention, there is always a flip side just waiting to be exploited and the Internet has proved no exception.

First used as a tool by academics to carry out research and communicate with peers, the Internet is now used by spammers and virus writers to create havoc and cause chaos. According to Ferris Research, 70 per cent of all email traffic is now spam.

As users have deployed IT security defences to safeguard themselves from junk mail, spammers have upped their game and developed more sophisticated techniques to get around these barriers.

Just a few years ago, virus writers and spammers were two distinct groups with distinct agendas. In recent years, however, the two groups have come together as spammers have turned to the more technically adept virus writers for help. Spammers started paying virus writers to write viruses that would leave behind zombie machines - which could then be used to send spam so that the messages appear to come from a legitimate server.

Note

For a different take on the idea that spammers are converging with virus writers, see p.8 - Ed

IronPort's SenderBase Network monitors global email traffic patterns and determined that at the beginning of 2004, less than 30 per cent of spam was coming from infected zombie PCs, but by the end of 2004 this figure had jumped to more than 70 per cent.

This year will see more potent viruses appear that are designed to deliver more zombies to send ever more spam. In addition, we are seeing an increase in online fraud or phishing. Last year, analyst firm Gartner estimated that 57 million Americans received phishing emails and that two million US adults gave sensitive information to phishers.

Note

See p.6 for an in-depth look at the threats to online banking - Ed

I believe that it will get better though. As government enforcers pursue legal remedies, the industry has been hard at work creating a new generation of filtering technologies designed to identify and discard spam before it gets into the recipient's inbox.

Effective systems will contain a blacklist or database of known spammer addresses which can be used to crosscheck messages at the gateway server. Likewise, a whitelist detailing known or trusted senders can be used to ensure that legitimate emails get through. Authentication has been coined the new white hope of email security and we will see a growing demand for it due to the increasingly sophisticated means by which spammers attempt to hide their identity.

The industry is also starting to look at things like reputation, introducing filters which control and quarantine traffic proactively from suspicious or unknown senders. Such appliances perform a threat assessment of inbound and outbound messages using a threat scale scoring system. When the score is elevated, all mail is filtered and suspicious messages are quarantined until updated signatures are in place.

It is crucial that companies don't rely entirely on signature-based filters because potentially they can create a gap in the action that needs to be taken. It's all about pre-patch management, using a system that can monitor global activity to detect an early stage outbreak and change filtering policy automatically to prevent viruses getting onto the network.

The Internet is not the first life-changing invention to be exploited by humans for personal gain, and it certainly won't be the last. What is important is that companies are ready for what spammers and virus writers throw at them. Without the right technology in place, it will be one bumpy ride.

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

VB2018 paper: Analysing compiled binaries using Logic

In this paper Thaís Moreira Hamasaki provides an introduction to some practical applications of SMT solvers in IT security, investigating the theoretical limitations and practical solutions, focusing on their use as a tool for binary static analysis.

VB2018 paper: Internet balkanization: why are we raising borders online?

Nowadays, walls are not just being raised in the real world, but on the Internet as well. Countries want to isolate themselves and shut down the information they are not comfortable with, or the companies they don’t want to do business with. Freedom…

VB2018 paper: Where have all the good hires gone?

Much ink has been spilled on the subject of the information security skills gap, and how difficult it is to hire and retain people for these positions. And yet, we all know someone who has had a hard time finding a suitable position despite having…

VB2018 paper: Little Brother is watching – we know all your secrets!

In their research, Siegfried Rasthofer, Stephan Huber & Steven Arzt evaluated the security level of the most popular family-tracking apps on Android. They assessed the security of the respective apps and conducted assessments of the corresponding…

VB2018 paper: Inside Formbook infostealer

Formbook is an infostealer that has been advertised for sale in public hacking forums since February 2016 by a user with the handle ‘ng-Coder' but only came to public attention after it was extensively used in spam campaigns in late 2017. This paper…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.