Cyberoam announces the Q3 2008 email threat trend report, prepared in collaboration with partner Commtouch. The report reveals spammers' techniques for hiding their bad reputation by sending through valid or reputed mail servers, mainly web mail accounts. Malware hidden in legitimate sites is on the rise. Spammers continue to use attractive content, such as celebrities and doomsday announcements, for greater effectiveness.
With improving filtering tactics, spammers found new ways to send spam from legitimate mail servers and domains instead of sending email from a known spam IP address or an infected bot server. They are stealing legitimate email senders’ credentials, compromising email account enrollment processes and automatically registering thousands of free email accounts, mainly by using algorithms to break CAPTCHAs, which are meant to eliminate mass automated registrations.
Spam featuring gruesome videos, doomsday announcements, celebration days, love mails and celebrities made up massive blended attacks, playing on user psychology and curiosity. Often the malicious content, including flash spam among others, was hosted either on legitimate sites that had been hacked or on popular public platforms like Blogspot or Flickr, taking advantage of security solutions’ reluctance to generate false positives.
Says Abhilash Sonwane, VP-Product Management, “Given the blended nature of attacks, unified security that includes anti-virus, anti-malware and content filtering solutions provides second and third layers of protection by preventing downloads of malware from websites and preventing users from accessing malware-laden sites inadvertently. Even though having a strong anti-spam solution at the gateway stops spreading of spamware through official email addresses, malware-linked spam can slip in through personal email IDs. Building user awareness and enforcing responsible surfing behavior in corporate networks prevents such threats significantly,” he adds.
Ironically, spammers also played upon users’ desire to defend themselves against web-based threats: an email like ‘firstname.lastname@example.org’ was designed to look like a notification of an update to the popular IE7 web browser, complete with a disclaimer from the Microsoft site. Users who clicked on the link were hit with a nasty executable file.
Although reputation-based solutions are continuously improving at blocking zombies, over 55% of zombies or bots have a lifespan as short as a single day, so the solutions need to be continuously updated to maintain accuracy. Germany and China showed the fastest zombie IP address turnover at 79% and 78% respectively. While Telecom Italia and Verizon remained in the Top 7 zombie hotspot domains, ukrtel and Airtel Broadband are the new entries and Brasil Telecom slipped below the top 10.
Cyberoam uses the Commtouch RPD™ technology to analyze large volumes of Internet traffic in real time. Unlike traditional spam filters, it does not rely on email content, so it is able to detect spam in any language and in every message format, including images, HTML, non-English characters, and single- and double-byte characters. Its language- and content-agnostic nature enables it to provide effective spam blocking capabilities.
Cyberoam incorporates this technology within its unique identity-based UTM appliances, which deploy user identity-based functionality across all of its features. A departure from traditional IP address-dependent solutions, Cyberoam determines precisely who is doing what in the network, providing IT managers with stronger policy control and clearer visibility of activity.