
2Q sees increase in use of Universities and ISPs as zombies

Cyberoam : 28 July, 2008  (Technical Article)
Report on 2Q IT threat activities indicates trustworthy domains being targeted for use as zombies for relaying spam and malware
Around 10 million zombies were active in Q2, sending spam and email-based malware every day, according to the Q2 2008 email threat trend report, issued today by Cyberoam, a division of Elitecore Technologies and the leading innovator of identity-based Unified Threat Management (UTM) solutions, in collaboration with partner Commtouch.

The vast majority of zombie IP addresses were dynamic, and zombie botmasters succeeded in causing large-scale damage by deactivating the IPs causing fresh attacks, switching among various IPs in order to bypass traditional security solutions.

The report revealed that attacks on new user groups such as ISPs, educational institutions, Google Adwords users and Microsoft users have hugely increased. The trend showed attackers targeted these large user groups by exploiting their psychological behaviour and through media they trust the most.

Zombie botmasters have hit Internet Service Providers (ISPs) hard by exploiting the ISP infrastructure to send out spam on the Internet. ISPs have therefore faced a tough challenge this quarter: protecting their users against incoming spam in their inboxes while shielding them from being used by zombies to send spam out. The latter is of greater concern, as it leads to the ISPs' IP ranges being blacklisted, which in turn leads to legitimate outbound emails being blocked along with the junk. Zombie abuse consumes the ISPs' precious network resources, reducing network speeds and resulting in customer dissatisfaction.

Phishing, spam messages that attempt to coax users into handing over passwords and other sensitive personal information, continue to claim victims. This quarter phishing attempts were targeted increasingly at university students and faculty members. Text-based message spam, seemingly coming from IT departments, collected their personal information and passwords. Yet another phishing scam hit Google Adwords account owners. The scam involved an email containing legitimate Google links, which redirected the user to a phishing site hosted on a Chinese domain.

In a new form of Bayesian poisoning, spammers used the disclaimer message content in Hotmail messages to bypass content-based filters. The content also contained a link to a hosted image of a pharmaceutical ad. With the Hotmail disclaimer lowering the users' guard, the user then confirmed the validity of their email IDs by viewing the image.

The report also revealed that attacks on the blogger community and U.S. taxpayers have continued to grow with the help of socially engineered subject lines that manipulate the user. Subject lines exploiting human emotions related to fabricated news on the earthquake in China, with the body text containing malicious clickable links.

With one of the highest spam-catching rates in the industry, Cyberoam’s powerful Anti-Spam solution uses Commtouch RPD technology that analyses large volumes of Internet traffic in real-time. Cyberoam Anti-Spam’s language- and content-agnostic nature allows it to detect spam in any language and in every message format (including images, HTML, etc.), non-English characters, single and double byte, etc.

“Dupery in the virtual world continues with an increased vitality, thanks to the new and innovative methods of spammers to manipulate the Internet users. New and easily vulnerable user groups are being targeted today with techniques that can deceive even the more experienced in the industry,” says Mr. Abhilash Sonwane, VP Product Management, Cyberoam. “Attackers know that internal users can be their most vulnerable targets and they constantly innovate to come up with new methods to attack them. By allowing identity-based policies, Cyberoam controls user activities within the network. This, along with Commtouch’s Rapid Pattern Detection and outbreak prevention technologies, enables Cyberoam to offer end users the deepest and most comprehensive level of protection from all types of spam, malware and other Internet threats.”

Unlike traditional IP address-dependent solutions, Cyberoam’s unique identity-based UTM appliances deliver knowledge of who is doing what in the network, providing greater granular controls in creating user-based policies and offering clear visibility in the network.