Junking The Junk: Staying Ahead Of Spam Attacks
by Edwin Hageman - Managing Director BT Global MSSP - Monday, 26 December 2005.
The numbers speak for themselves: in 2005, junk mail accounted for nearly 60 per cent of all emails, up from just 10 per cent in 2001. And this growth looks set to continue.

The problem is bad enough for people at home, with spam messages dropping regularly into personal email inboxes. At work, however, spam presents a much bigger problem, clogging up corporate servers and accounts and distracting employees from their work.

To address the issue, the vast majority of companies have implemented anti-spam technology, and many manage it internally. But spam is not constant – the goalposts are continually changing as spammers develop new and more innovative tricks to get past the filters. Organisations have to battle to stay one step ahead. Furthermore, the best technology in the world can only be as good as its users, and many businesses also have to battle to ensure end-users follow basic guidelines to minimise junk mail.

When spam first became a real problem, it could be categorised in one of two ways – it was generally either trying to sell you something, or con you out of something. Annoying though the notorious Nigerian 419 scams or the promises of low-priced medicines were, they essentially targeted human gullibility, rather than being serious security threats. More concerning, if less frequent, were the denial-of-service attacks that large enterprises were subjected to, in which spammers tried to flood the company’s mail servers with junk, thereby making them crash.

But over the past year or so, it has become clear that the threat of spam is evolving to become much more of a problem. As people have learned how to avoid the initial scams and stopped falling for the ‘too good to be true’ offers, the spammers have evolved their techniques to incorporate areas such as social engineering to help them reach their ultimate target – the naive end-user.

To make things even worse, we have seen more and more spam that conceals even greater threats such as viruses, spyware and phishing. These blended attacks are taking the basic con tricks of previous years to the next level – and organisations must keep up.

An even clearer demonstration of how the threats are changing has been the recent attacks on mobile phones and similar devices. Spam and other email-borne threats are no longer confined to the PC. Messaging on mobile phones, for example, has replicated the development of email: having initially handled only plain text messages, phones can now handle attachments, multimedia and even active content such as embedded scripts or Java code. For the spammers, this is a whole new temptation. It is an area where users don’t expect to be at risk from attacks, and many have a false sense of security and are happy to open any messages even if they don’t know the sender. It’s no wonder that spammers are beginning to target this type of technology.

This constant battle, in which spammers develop new technology that the anti-spam vendors then learn how to block, is continually repeated. The result is that almost as soon as spam filters are updated, they are out of date.

This means that to protect users effectively from spam, IT departments must constantly update their technology. The most common solutions come from vendors such as Symantec, MessageLabs and McAfee. These are all acknowledged leaders in their field, and constantly update their tools to try to stay ahead of the problem. They monitor spam on a global scale and use a number of different techniques to identify the latest messages, the mail boxes they are sent from, and the methods the spammers are using to try to get past the defences.

