Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Ironport systems issues spam report for 2007 with outlook for 2008.

IronPort Systems : 03 December, 2007  (Technical Article)
With 98% of received e-mails likely to be spam, IronPort Systems offers advice to e-mail users for staying safe over the holiday period.
IronPort Systems has announced the availability of its 2008 Internet Security Trends Report. The IronPort report highlights the key security trends of today and suggests ways to defend against the sophisticated new generation of Internet threats certain to arise in the future.

Key highlights:.

* 120 billion spam messages are sent every day worldwide.
* 20 billion spam messages are targeted at the UK every day.
* 98% of all email traffic is now spam.
* UK on-line Christmas shopping to be targeted.
* In 2008 social network sites will become prime source of personal data for spam gangs to target UK

"2007 marks a turning point for threats in the UK. Just when malware design seemed to have reached a plateau, new attack techniques have emerged, some so complex - and obviously not the work of amateurs - they could have only been designed by means of sophisticated research and development," said Jason Steer, European Product Manager, IronPort. "For a time, security controls designed to manage malware were working. But, as a result of this success, the threats they protected against were forced to change. In 2007, many of these threats underwent significant adaptation. Malware went stealth, and the sophistication increased.

Spam, virus and malware attacks are costly. The average UK computer user spends 5-10 minutes dealing with spam every day. Clean up cost are estimated at $500 per computer. An estimated 60 million people have had data about themselves exposed over the past 13 months, and there has been an estimated 20 Billion dollars spent in clean-up costs and lost productivity worldwide. In addition, 48 percent of organisations do not have a policy for notifying customers when their private data may be at risk.

Modern malware borrows characteristics from the social networking and collaboration sites such as FaceBook and Myspace. The newest threats like the Storm Trojan are collaborative, adaptive, work between two computers and are intelligent. It flies under the radar, living on PCs for months or years without detection. The old attitude of 'what I can't see won't hurt me' is no longer valid.

The overall trends in spam and malware can be characterised by a larger number of more targeted, stealthy and sophisticated attacks. Specific observations include:.

* Spam volume increased 100 percent, to more than 120 billion spam messages daily. That's about 20 spam messages per day for every person on the planet. IronPort measurements have shown that enterprise users get anywhere from 100 to 1,000 spam messages per day.

* Spam has become less focused on selling product, more focused on growing spam networks. Earlier versions of spam attacks were primarily selling some type of product (pharmaceuticals, low interest mortgages, etc. However, today's spam includes an increasing amount of links that point to web sites distributing malware. This malware is often designed to further extend the size and scale of the bot network that originated the spam in the first place. During 2007, IronPort's Threat Operations Centre measured a 253% increase in "dirty spam" that contained links that pointed to known malware sites. This is further evidence of the trend that malware writers are using both email and web technologies blended together to propagate threats.

* Viruses are less visible, but increasing in number. Virus writers have evolved from the previous mass distribution attacks such as netsky and bagel viruses. In 2007 viruses where much more polymorphic, and typically associated with the proliferation of very sophisticated bot networks such as 'feebs' and 'storm'. In one week alone, the IronPort Threat Operation Centre detected more than 6 variants of the Feebs virus, each of which began spreading exponentially before signatures could be created.

The duration of a particular attack technique decreased substantially. In previous years, spammers would use a typical technique, such as the use of embedded images, for months. More recent techniques such as MP3 spam lasted only 3 days. But there are more of these smaller attacks. Where as in 2006 image spam was the primary new technique, 2007 saw more than 20 different attachment types used in different, short-lived attack techniques.

Stay safe using email, web browsing and on-line Christmas shopping

1) Don't Open - Whenever possible, do not open spam messages. Frequently spam messages include software that enables the spammer to determine how many, or which, email addresses have received and opened the message. A suspicious email is almost always spam.

2) Don't Respond - The best way to deal with email messages from unknown or suspicious addresses is to delete them, or allow your spam filter to quarantine them. If you respond to a spam message, even asking to be removed from their list, you will have confirmed to the sender that they have indeed reached a valid email address and your inbox may become the target of even more spam. If you are unsure whether a request for personal information from a company is legitimate, contact the company directly or type the website URL directly into your browser.

3) Don't Click - If you click on a link (even an 'unsubscribe' link) offered in a spam message, you may infect your computer with spyware or a virus. Instead, delete the email immediately. If a message that appears to be from your bank, credit card company, eBay, Paypal, or others requests that you to click through to validate account details—don't. They already have your account details, so validation or confirmation should not be necessary. Simply delete the message. If you have questions about an email from a familiar organisation, contact them by phone.

4) Don't Buy - Spam exists because it's profitable. It costs almost nothing for a spammer to send a million messages. If even one in that million people buy something, they're making money. Take the profit out of spam. Never purchase anything from spammers. Tell your friends and family to do the same—no matter how good the offer looks.

5) Don't Use Your Primary Email Address - Using your primary email address anywhere on the Web puts it at greater risk of being picked up by spammers. Use a secondary or temporary account for online transactions.

6) Don't Believe Everything You Read - Forwarded warning emails and chain letters are more prevalent during the holiday season. Spammers will harvest good email addresses from these forwarded messages. After a few generations, many of these letters contain hundreds of good email addresses. Consequently, people who were worried about the 'missing girl' or the 'desperate refugee' find themselves not only passing on a hoax, but also the recipients of more spam.

7) Do Use a Temporary or One-Time Use Credit Card - When in doubt; use a temporary or a one-time use credit card. Most major banks can provide these types of cards to help avoid abuse.

8) Sign up for identify theft protection - Most identify theft protection provides a.) personal credit report compiled with data from the three major credit reporting agencies: Equifax, Experian, and TransUnion, so you can review your credit history and verify it is current and accurate; b.) monitors your credit daily; c.) alerts you to any account openings in your name, inquiries into your credit files and sends notification if any negative information is added to your credit records; d.) helps you monitor and correct any errors in your credit file and ultimately provides insurance for any fraud.

9) Do Make Sure Your ISP or Company Has Spam, Virus and Spyware Protection - Spam emails are very often connected with viruses, so it's critical to have both anti-spam and anti-virus protection. Spam messages often include links to websites with spyware or malware. Check with your ISP or IT department to make sure you have adequate security against these kinds of threats. Having spam, virus and Web-based malware protection at the gateway can make a significant difference.

10) Do Use Your Common Sense - If it looks like spam, it probably is. Delete it.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo