One of the keys to preventing virus outbreaks within an organization is having the latest virus signatures and detection rules in place.  Since spam is one of the primary means of spreading malware, this is especially true for email scanners and spam filters.

According to an FBI Crime and Security Survey, 65 percent of companies had been affected by virus attacks during the previous year. This is in spite of the fact that 97 percent of the surveyed companies were using industry-leading virus protection and following “best practices” like enabling automatic updates. This information highlights the need for overlapping protection. Maintainers of antivirus software respond to new threats at differing rates, and while some are more responsive than others, none are always first or always best at deploying updates.

Using spam filters or other email security solutions that incorporate two or more virus engines increases a company’s chance of early protection when new threats are introduced. It also eliminates a single point of failure, such as when one antivirus vendor’s update network has been compromised or is off-line. Adding complementary technologies like heuristic analysis and reputation filtering offers the most comprehensive protection.

Running multiple antivirus products on corporate desktops is probably not feasible because of the competition for computing resources and incompatibilities during real-time protection.  However, running multiple engines sequentially to scan incoming email at the server level can significantly reduce early exposure to malware while maintaining reasonable throughput.


Current Spam Trends: What’s Old is New Again

by Christopher on January 9, 2012

At the end of 2010, we saw a resurgence of some vintage tactics spammers used three or more years ago to bypass content-based spam filters. In particular, three old ploys were revived for use in conjunction with newer trends (like falsifying alerts from social networking sites) for some fresh spam tactics, as seen in the Commtouch Q4 2010 Internet Threats Trend Report.

The first all-too-familiar tactic spammers revived in recent months is the use of hidden text. Fonts are shrunk down as small as possible and changed to white so as to make them invisible to the reader over an email background. Random typing that’s invisible to the eye but visible to spam filters is inserted in the middle of words that are standard red flags to Bayesian, heuristic, and other content-based spam filters. To the recipient, words simply appear to have sporadic, erroneous spaces in them; to the spam filter, however, those spaces are actually several characters, making the words unrecognizable, and therefore not cause for a block or re-direct into a junk mail folder.
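A filter can counter this by scoring the text a reader would actually see rather than the raw markup. The sketch below is an added example, not code from the report or from any product: it drops text inside elements styled as tiny, white or `display:none`, then compares keyword hits before and after. The sample message, the watchlist, the 2px/pt threshold and the assumption of a white background are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

WHITE = {"white", "#fff", "#ffffff"}          # assumes a white message background
VOID = {"br", "img", "hr", "meta", "input", "link"}
SIZE_RE = re.compile(r"font-size\s*:\s*([\d.]+)\s*(px|pt)")
COLOR_RE = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)")   # skips background-color

def is_hidden(attrs):
    """True if inline styling makes the element's text invisible to a reader."""
    a = {k: (v or "").lower() for k, v in attrs}
    style = a.get("style", "")
    size = SIZE_RE.search(style)
    if size and float(size.group(1)) <= 2:    # illustrative threshold
        return True
    color = COLOR_RE.search(style)
    if color and color.group(1).strip() in WHITE:
        return True
    if re.search(r"display\s*:\s*none", style):
        return True
    return a.get("color", "") in WHITE        # legacy <font color="white">

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []                       # one bool per open element
        self.everything, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:                   # hidden state is inherited by children
            self.stack.append(bool(self.stack and self.stack[-1]) or is_hidden(attrs))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.everything.append(data)
        (self.hidden if self.stack and self.stack[-1] else self.visible).append(data)

def analyze(html, watchlist):
    """Compare keyword hits on the raw text with hits on the reader-visible text."""
    p = VisibleText()
    p.feed(html)
    p.close()
    naive, reader = "".join(p.everything).lower(), "".join(p.visible).lower()
    return {"naive_hits": [w for w in watchlist if w in naive],
            "reader_hits": [w for w in watchlist if w in reader],
            "hidden_text": p.hidden}

# Constructed sample: filler characters split two watchlist words.
SAMPLE = ('<p>Claim your lot<span style="font-size:1px;color:#ffffff">qzx</span>'
          'tery pri<font color="white">jw</font>ze today</p>')
WATCH = ["lottery", "prize"]
```

A non-empty `hidden_text` list that breaks up otherwise ordinary words is itself a useful signal, independent of which words it hides.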

A second tactic seen again at the end of 2010 after some time is the use of Google’s cache tool to sneak spam website links past content-based anti-spam technology. Google is, by default, a white-listed, or acceptable, domain to most spam filters. When a website is reached through Google’s cached version link, the resulting URL begins with the Google domain name. When this URL is turned into a hot link in an email, many spam filters accept it, while the recipient is still taken to the spammer’s intended address via a typically seamless redirect.

The third vintage spam tactic enjoying new life since the end of 2010 is known as ASCII art. This refers to the careful arrangement of computer characters (letters, digits, and symbols) to form a larger representation of an image. Just type “ASCII art” into a Google image search to see plenty of impressive examples. Using ASCII art, spammers can create representations of letters and words without actually typing those words. Hence, content-based spam filters remain unaware of the words and phrases that a human reader will see.

These revived spam tactics underscore the ongoing need in 2011 for an email security system that doesn’t rely solely on content-based methodologies. Effective spam filtering products have a multi-tiered approach that evaluates the validity of an incoming email message based on a variety of factors.


Spam Zombie

December 8, 2011

Perhaps you’ve been staggering around, drooling, staring off into space, and pawing without coordination at miscellaneous objects within your reach. Perhaps you’re a zombie. Perhaps it’s Monday morning, Jim’s still lurking around the coffee pot, and the idea of discussing your weekend with Jim makes you twitch with sensations of oncoming spontaneous combustion, so you […]


The Current Climate of Web-Based Malware Threats

November 27, 2011

The internet is becoming more hazardous to daily users, even those who take care to avoid the sort of websites typically associated with malware infections. In fact, malware infections are now considerably more likely to occur by visiting a compromised legitimate website than by opening a web page created to deliver malware, according to the […]


Adult Content Spam and Sexual Harassment

October 7, 2011

Whether the message invites you to view someone’s webcam, prolong your erection, or watch “young girlz get raped,” adult content spam is becoming increasingly explicit, graphic, and offensive. It’s also becoming more common. Spam email accounted for 85 percent of all email, or 134.3 billion messages in November 2010, according to Cisco IronPort SenderBase Security […]


Importance of PTR Records for Reliable Mail Delivery

September 25, 2011

Outgoing email rejections are becoming increasingly common, and while this is good news in the fight against spam, it can hurt your business if your emails are not reaching their intended targets. One reason for the increase in rejections is that growing numbers of incoming mail servers are rejecting emails from outgoing servers without a […]
