These days, companies utilize many technologies to protect corporate resources, such as e-mail scanners, firewalls, web proxies, anti-virus suites, and spam filters.  Keeping up with the latest scams, exploits, and security updates calls for nonstop vigil, and the spammers keep the pressure on by endlessly broadening the footprints, complexity, and heavy volume of junk e-mail they transmit out.  Many junk e-mail blockers are unable to keep up with the many variants of e-mail threats.  A growing percentage of these are holding no damaging payload themselves (thus getting around e-mail security that relies on malware signatures), but try to tempt users to internet sites that are capable of “drive-by” infections.  In other words, just visiting one of these websites can infect a user’s machine.  Promises of free music, ring tones, computer software, or photos provide motivators to visit these websites.

This type of attack relies on human traits – curiosity, the desire to get something for nothing, even lust – to tempt people to visit on the websites.  The assurance in the level of corporate security against spyware and other forms of malware is raising, which is the fundamental reason of this.  Individuals perpetrating junk emails and malware have started utilizing social engineering, adding a human dimension to their assaults.  To battle against this new kind of junk e-mail, organizations must mix technology with distinctly stated policies to deal with unsolicited commercial e-mail.

End users who are well-informed will help end the security risked posed by “wetware”.  Attacking the human factor of security measures by mailing malicious emails is usually called phishing.   When the attacker has some fundamental data on the victim, these assaults are very targeted and efficient, these attacks are usually called spear phishing.

Tags: Phishing, Spear Phishing, Wetware

Author: Christopher