
Blended spam attacks continue to rise

Cyberoam : 24 October, 2008  (Technical Article)
Continued increase in the use of spam to direct readers to infected site content demands move towards Unified Threat Management protection measures
Spammers continue to use attractive content, such as celebrities and doomsday announcements, to increase the effectiveness of their attacks. This is according to the Q3 2008 email threat trend report, issued by Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, in collaboration with partner Commtouch.

The report reveals the techniques spammers use to conceal their identity by sending through valid or reputable mail servers, and also highlights the fact that malware hidden in legitimate sites is on the rise.

With improving filtering tactics, spammers found new ways to send spam from legitimate mail servers and domains instead of sending email from a known spam IP address or an infected bot server. They are stealing legitimate email senders' credentials, compromising email account enrollment processes and automatically registering thousands of free email accounts. This is mainly done by using algorithms to break CAPTCHAs, which are meant to eliminate mass, automated registrations.

Spam with gruesome videos, doomsday announcements, love mails and celebrities made up the myriad of blended attacks, playing on user psychology and curiosity. Often, the malicious content, including Flash spam, is hosted either on legitimate sites that have been hacked or on popular public platforms like Blogspot or Flickr. The spammers take advantage of security solutions' reluctance to generate false positives.

Abhilash Sonwane, VP-Product Management, Cyberoam commented: "Given the blended nature of the attacks, unified security that includes anti-virus, anti-malware and content filtering solutions provides second and third layers of protection by preventing downloads of malware from websites and stopping users from inadvertently accessing malware-laden sites."

Abhilash continued: "Even though having a strong anti-spam solution at the gateway stops the spreading of spamware through official email addresses, malware-linked spam can still slip in through personal email IDs. Building user awareness and enforcing responsible surfing behavior in corporate networks is crucial to significantly prevent such threats."

Ironically, spammers also played upon the users' desire to defend themselves against web-based threats. The email address was designed to look like a notification of an update to the popular IE7 web browser and it even included a disclaimer from the Microsoft site. However, users who clicked on it were hit with a nasty executable file.

Although reputation-based solutions are continuously improving, the fact that over 55% of zombies or bots have a lifespan as short as a single day means these solutions need to be continuously updated to maintain accuracy.

Germany and China showed the fastest zombie IP address turnover at 79% and 78% respectively. While Telecom Italia and Verizon remained in the Top 7 zombie hotspot domains, ukrtel and Airtel Broadband are the new entries and Brasil Telecom slipped below the top 10.

Cyberoam uses the Commtouch RPD™ technology to analyse large volumes of Internet traffic in real-time. Unlike traditional spam filters, it does not rely on email content, so it is able to detect spam in any language and in every message format (including images, HTML, etc.), with non-English characters, single and double byte, etc. Its language- and content-agnostic nature enables it to provide effective spam blocking capabilities.

Cyberoam incorporates this technology within its unique identity-based UTM appliances, which deploy user identity-based functionality across all of its features. A departure from traditional IP address-dependent solutions, Cyberoam determines precisely who is doing what in the network, providing IT managers with stronger policy control and clearer visibility of activity.