Cyberoam announced the Q1 2009 email threat report, in collaboration with partner Commtouch. While Conficker worm took the limelight, a key highlight is that attackers have reached new levels of sophistication in their social engineering techniques, using fear, emotion and security loopholes to perpetuate attacks.
Spammers tricked users on Facebook, Myspace, Twitter into divulging personal information. Exploiting users’ fear of finding scandalous images of themselves online, spammers sent wall posts proclaiming that such pictures have surfaced on Facebook. Also used on Facebook were desperate messages from friends supposedly in a financial bind. Users clicking on the link were taken to what looked like the Facebook login page, but actually it was an imposter site collecting usernames and passwords of unknowing users.
Spammers sent direct Twitter messages to users of blog posts and funny photos related to them. Security loopholes on Twitter like the use of TinyURL to replace long URLs with short ones to fit into Twitter’s 140 character limit meant that users did not know where the link led before they clicked.
Vice President-Product Management, Cyberoam, Abhilash Sonwane, said, “Attackers have confirmed once more that they work on both sides of the equation – user and the platform. They play on the emotions of users while exploiting loopholes on the platform being used. Used in combination, it is an effective way to propagate malware. While Cyberoam offers protection from evolving threats, we also recommend user education to effectively contain threats,” he added.
Blended threats created near perfect mirror sites and official looking emails from CNN and the US tax departments. While Google Docs was used to compromise ZDNet, spammers used “borrowed” images from legitimate sites like CBS and Pizza Hut in addition to masking their email addresses to bypass spam filters.
Loan spam jumped from 3% of all spam messages in Q4 2008 to first place, with 28% of all spam messages this quarter, reflecting the global economic situation.
Cyberoam uses the Commtouch RPDTM technology to analyse large volumes of Internet traffic in real-time. Unlike traditional spam filters, it relies not on email content, but on message pattern enabling it to detect spam in any language and message format. Its language and content agnostic nature enables it to provide effective spam blocking capabilities. Cyberoam incorporates RPDTM within its unique Identity-based UTM appliances which show who is doing what in the network and enable the creation of policies based on the username rather than just IP addresses.