
Spam delivery mechanisms continue to change

Surf Control : 17 September, 2007  (Technical Article)
Hamish Patel of Surfcontrol explains the evolution of spam and offers advice on how to avoid it.
As if the spam problem wasn't already bad enough, spammers are starting to quickly change their approach, introducing new spamming techniques to snare the unwary and get around corporate security measures - and forcing us all to go through more hoops to avoid it.

Image spam was tried and tested successfully last year, with volumes of image spam doubling within just six months to account for over 40% of all spam traffic.
The attraction of image spam to spammers was simple. Most basic spam filters searched for predetermined words in subject lines, suspicious word patterns and word frequencies. Image spam bypassed these filters by embedding the image into the message body, while the email itself contained random words to make it appear legitimate.

However, end user awareness and security software have caught up, so the spammers have been forced to re-think their approach. This they have done, with a new trick for getting past email and security filters.

A more recent technique is known as PDF spam. These PDF spam emails can be recognised as they have an attachment of one or more PDF files, with a randomly generated sender and subject line, and blank message body. The PDF file, of course, contains the spam message that you hoped to avoid.
Like its predecessor, PDF spam is predominantly used for share-ramping, an attempt to increase the price of worthless stock, or to promote sales of prescription medicines.
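
The structural traits described above (one or more PDF attachments and a blank message body) can be checked mechanically at the mail gateway. The following Python is an added example, not code from Surfcontrol or the original article; the function names and sample messages are constructed for illustration, and the randomly generated sender and subject are not tested because they cannot be judged from a single message.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SAMPLE_PDF = b"%PDF-1.4\n% constructed sample\n"  # constructed, not a real PDF

def pdf_spam_traits(raw: bytes) -> dict:
    """Report the structural traits the article gives for PDF spam."""
    msg = message_from_bytes(raw, policy=policy.default)
    pdf_count, pdf_bytes, body = 0, 0, ""
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = (part.get_filename() or "").lower()
        # Accept the declared type, the file name, or the PDF magic bytes.
        if (part.get_content_type() == "application/pdf"
                or name.endswith(".pdf") or payload.startswith(b"%PDF-")):
            pdf_count += 1
            pdf_bytes += len(payload)
        elif part.get_content_maintype() == "text" and not part.is_attachment():
            # Drop HTML tags so an empty HTML shell still counts as blank.
            body += re.sub(r"<[^>]+>", " ", part.get_content())
    blank_body = body.strip() == ""
    return {"pdf_count": pdf_count, "pdf_bytes": pdf_bytes,
            "blank_body": blank_body,
            "flag": pdf_count > 0 and blank_body}

def build_sample(body: str, with_pdf: bool) -> bytes:
    """Constructed test message; addresses and subject are made up."""
    m = EmailMessage()
    m["From"] = "qzxv@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "hjkl 8841"
    m.set_content(body)
    if with_pdf:
        m.add_attachment(SAMPLE_PDF, maintype="application",
                         subtype="pdf", filename="report.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for body, pdf in (("\n", True), ("Q3 figures attached.\n", True), ("\n", False)):
        print(pdf_spam_traits(build_sample(body, pdf)))
```

Legitimate mail can also carry a PDF with no body text, so the `flag` value is best used as one score among several in a layered filter rather than as a verdict on its own.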

The attraction to spammers is that many files transmitted in the workplace use PDF format. This means that employees are more likely to check the content of all these files, leaving them vulnerable to spam. What's more, anti-spam filters that are not updated will allow the email through unnoticed.

So how do you keep abreast of the quick changes in spam techniques? How much of a threat do the new techniques represent? How can you ensure that your staff are protected against that threat? And what's coming next in the spam world?

A key problem is the much greater drain PDF spam exerts on network and bandwidth resources. The traditional text spam was only 5kb, the image spam was approximately 23kb and the PDF spam files have been reported to be larger still. This may not sound like a lot individually, but with millions of PDF spam e-mails sent out each day, the scale of this problem becomes apparent, as do its cost implications for organisations trying to manage this 'fat' spam.

End user awareness should be the first security measure and it is often the most effective. Users must understand the consequences of responding to these emails and phishing attempts. Through end users not opening the attached PDF files, spam volumes are already in decline.

The 'arms race' between spammers and e-mail security providers continues unabated. Organisations that have not reviewed their e-mail security for a while or who have unsophisticated filtering are seeing their inboxes fill up with spam.
Regardless of what product an organisation uses, reviewing Internet security and understanding what security systems are in use is essential. Today's most effective and sophisticated solutions combine a variety of intelligent image spam detection technologies, including a heuristics engine, a reputation service (which checks the domain of the email sender), content filtering and image analysis technology.

The challenge of course is ensuring that your spam protection is integrated into your overall e-mail security which has a number of other functions to perform. Optimising protection levels while minimising cost and complexity is quite a challenge. Implementing a layered approach is often the most effective way to achieve this and enables you to design your own secure filtering solution to your specific need. This also enables savings to be made in network resources, bandwidth and overall administration.

In-the-cloud filters added to the layering of advanced technologies are also very effective as large volumes of spam can be removed before they enter the core network. And for businesses which need to perform deeper content inspection, for confidential data management or compliance regulations, adding another security layer using an appliance-based solution provides granular content filtering. This can also prevent sensitive and confidential information leaving the network.

The good news is that PDF spam is already on the wane. Security software vendors have already been able to come up with updates and filters that can analyse the body of every PDF file.

But spammers are tenacious and inventive, and you can be certain that another technique is on the way. Excel, Word and ZIP files are already being used in an attempt to reach end-users' inboxes and with each new trick the anti-virus vendors are having to work faster to stay one step ahead of these threats.

As for what is coming next in the spam world, it is almost impossible to say. Spam in the format of an attached file is inevitable, and will continue to undermine email effectiveness. What's more, the spam industry is a lucrative business, so spammers will only become more creative. In any review of security technology, organisations must be aware that a solution must not only solve today's issues but is ready for the unknown threats of tomorrow.
