Steve Cornish, PineApp: The Year of Living Dangerously
April 2008 by Steve Cornish of PineApp
Steve Cornish of PineApp reflects on the increase in email threats over the past twelve months and predicts even more mayhem for the future.
Spam reached staggering levels of up to 96% of total Internet traffic in the past twelve months. The intensification of blended threats that combine email, malware and malicious websites sees spam, once no more than a nuisance, becoming more harmful to networks and PCs than ever.
The Storm worm currently presents the most menacing threat by creating a large complex network of zombie computers that continues to multiply and has proved resilient to most anti-virus and anti-botnet measures.
The botnet is so stealthy and nimble that it is extremely difficult to estimate the number of PCs it has taken over. The only effective way to protect against Storm and other botnets is to dynamically detect and block activity from infected machines, based on identifying zombie IP addresses.
Botnets are also very good at protecting themselves, fighting back with massive DDoS attacks against those who try to eliminate them. It is clear that Storm and other botnets have more havoc to unleash; the most damaging of it could mean more data theft campaigns and massive denial of service attacks that flood their targets with enough traffic to bring them to a grinding halt.
Peak spam activity is usually recorded around holiday-related periods. Subject lines ranging from ‘a fresh new year’ and ‘happy 2008!’ to ‘fast money for Christmas’ and ‘dancing bones’ are utilised in order to confuse content filters and recipients into thinking the messages are legitimate.
We have also seen the introduction of new types of attachment spam such as Word, Excel and PDF documents. An outbreak of MP3 ‘pump and dump’ stock spam at the end of last year accounted for 7-10% of global spam at its peak.
Some businesses attempt to counter this by simply blocking all MP3 email messages or creating ‘anti-MP3’ policies. However, many blocking solutions rely on content analysis, and without the ability to open the file, listen to the message and determine that it is spam, they are unable to detect it.
Another new trick from spammers to be wary of is address violation spam, which distributes empty email messages to see if they bounce back. The ones that don’t return are considered valid addresses and put on so-called ‘clean’ lists that are rented out to other spammers and cyber villains at a premium rate. In effect, a spammer’s qualified direct mail list!
As for content, the most popular spam emails are those advertising sexual enhancement aids, which account for 70% of all spam, with counterfeit replicas, mainly sent over holidays, coming in second at 10%.
What is certain is that spam remains a growing problem. Botmasters are distributing their malicious peer-to-peer networks all over the globe and many blocking solutions are simply unable to cope. Only security solutions that are capable of detecting and classifying malicious activity in real-time based on reputation and trends data are able to provide an effective barrier.
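The article argues (in the Storm discussion and again in the closing paragraph) for blocking on dynamically identified zombie IP addresses and on real-time reputation and trend data rather than on message content alone, and it also describes address-validation probing with empty messages. The script below is an added illustration of that idea, not PineApp's product or code: it scores sending IPs from SMTP transaction logs, combines a static reputation feed with behavioural rules (empty-body bulk sends, connection bursts), and feeds newly blocked IPs back into the reputation set. The log format, the sample lines, the reputation feed and every threshold are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample SMTP transaction log (hypothetical format, not any real MTA's):
# <epoch_seconds> <client_ip> rcpt=<recipients> bytes=<body_bytes> status=<accepted|bounced|rejected>
SAMPLE_LOG = """\
1199145600 203.0.113.7 rcpt=1 bytes=2048 status=accepted
1199145650 203.0.113.7 rcpt=2 bytes=1900 status=accepted
1199145601 198.51.100.23 rcpt=40 bytes=0 status=bounced
1199145602 198.51.100.23 rcpt=35 bytes=0 status=bounced
1199145603 198.51.100.23 rcpt=50 bytes=0 status=accepted
1199145604 198.51.100.23 rcpt=45 bytes=0 status=bounced
1199145610 192.0.2.99 rcpt=1 bytes=4096 status=accepted
1199145611 192.0.2.99 rcpt=1 bytes=4100 status=accepted
1199145612 192.0.2.99 rcpt=1 bytes=4090 status=accepted
1199145613 192.0.2.99 rcpt=1 bytes=4095 status=accepted
1199145614 192.0.2.99 rcpt=1 bytes=4099 status=accepted
1199145615 192.0.2.99 rcpt=1 bytes=4101 status=accepted
1199145700 192.0.2.99 rcpt=1 bytes=3000 status=accepted
1199145620 192.0.2.77 rcpt=1 bytes=512 status=accepted
"""

# Constructed reputation feed: IPs already reported as botnet members.
KNOWN_ZOMBIE_IPS = {"192.0.2.77"}

LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<ip>[\d.]+) rcpt=(?P<rcpt>\d+) bytes=(?P<bytes>\d+) status=(?P<status>\w+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({"ts": int(m["ts"]), "ip": m["ip"], "rcpt": int(m["rcpt"]),
                        "bytes": int(m["bytes"]), "status": m["status"]})
    return records


def aggregate(records):
    """Per-IP counters consumed by the verdict rules below."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpt": 0, "empty": 0, "bounced": 0, "times": []})
    for r in records:
        s = stats[r["ip"]]
        s["msgs"] += 1
        s["rcpt"] += r["rcpt"]
        s["empty"] += r["bytes"] == 0          # empty body: candidate address probe
        s["bounced"] += r["status"] == "bounced"
        s["times"].append(r["ts"])
    return dict(stats)


def max_in_window(times, window):
    """Largest number of events falling inside any interval of `window` seconds."""
    times = sorted(times)
    best, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


def classify(stats, known_zombies, burst_msgs=5, burst_window=30, probe_min_msgs=3):
    """Return {ip: (verdict, reasons)}; verdict is 'block', 'throttle' or 'allow'.

    Reputation hits and empty-body bulk sends block outright; a burst alone only
    throttles, because a busy but legitimate relay can look the same on rate alone.
    """
    verdicts = {}
    for ip, s in stats.items():
        reasons, verdict = [], "allow"
        if ip in known_zombies:
            reasons.append("listed in zombie reputation feed")
            verdict = "block"
        if (s["msgs"] >= probe_min_msgs and s["empty"] / s["msgs"] >= 0.75
                and s["rcpt"] / s["msgs"] >= 10):
            reasons.append("empty-body bulk messages: address-validation probing")
            verdict = "block"
        burst = max_in_window(s["times"], burst_window)
        if burst >= burst_msgs:
            reasons.append(f"{burst} messages within {burst_window}s: zombie-like burst")
            if verdict == "allow":
                verdict = "throttle"
        verdicts[ip] = (verdict, reasons)
    return verdicts


def refresh_feed(verdicts, known_zombies):
    """Add newly blocked IPs to the reputation set so later runs block them on sight."""
    return set(known_zombies) | {ip for ip, (v, _) in verdicts.items() if v == "block"}


def run(log_text=SAMPLE_LOG, known=KNOWN_ZOMBIE_IPS):
    verdicts = classify(aggregate(parse_log(log_text)), known)
    return verdicts, refresh_feed(verdicts, known)


if __name__ == "__main__":
    verdicts, feed = run()
    for ip, (verdict, reasons) in sorted(verdicts.items()):
        print(f"{ip:16} {verdict:8} {'; '.join(reasons) or '-'}")
    print("updated feed:", sorted(feed))
```

Run as a script it prints one verdict line per sender IP and the refreshed feed. In a real deployment the feed would be shared across gateways and aged out, and the thresholds tuned against the site's own traffic; the point of the example is the structure, that is, content-independent signals (reputation, empty-body probing, burst rate) driving a per-IP decision that updates itself.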