These days, companies utilize many technologies to protect corporate resources, such as e-mail scanners, firewalls, web proxies, anti-virus suites, and spam filters.  Keeping up with the latest scams, exploits, and security updates calls for nonstop vigil, and the spammers keep the pressure on by endlessly broadening the footprints, complexity, and heavy volume of junk e-mail they transmit out.  Many junk e-mail blockers are unable to keep up with the many variants of e-mail threats.  A growing percentage of these are holding no damaging payload themselves (thus getting around e-mail security that relies on malware signatures), but try to tempt users to internet sites that are capable of “drive-by” infections.  In other words, just visiting one of these websites can infect a user’s machine.  Promises of free music, ring tones, computer software, or photos provide motivators to visit these websites.

This type of attack relies on human traits - curiosity, the desire to get something for nothing, even lust - to tempt people to visit on the websites.  The assurance in the level of corporate security against spyware and other forms of malware is raising, which is the fundamental reason of this.  Individuals perpetrating junk emails and malware have started utilizing social engineering, adding a human dimension to their assaults.  To battle against this new kind of junk e-mail, organizations must mix technology with distinctly stated policies to deal with unsolicited commercial e-mail.

End users who are well-informed will help end the security risked posed by “wetware”.  Attacking the human factor of security measures by mailing malicious emails is usually called phishing.   When the attacker has some fundamental data on the victim, these assaults are very targeted and efficient, these attacks are usually called spear phishing.

Author: Christopher

(No Ratings Yet)

 Loading ...

Symantec’s Monthly State of Spam report for March showed an increase in bounced messages that found spammers forging sent email addresses and using them in the “From” header of their own Spam messages.

Reminiscent of Backscatter, spammers are taking advantage of mail transfer agents configured to send back a list of failed email recipient addresses, an explanation of the cause of failure, and a copy of the original email. This opens a window for Spam attacks, as anti-spam filters do not block most “failed email” replies. Since spammers forge the sender’s address, this mail is going to be received by people who have nothing to do with the Spam.

Corporate networks will feel the greatest burden of the increased attacks. Using increased bandwidth and an increase of unwanted Spam messages in users’ inboxes will result in lost productivity. Networks are encouraged to configure mail transfer agents to not send back a copy of the original failed messages and require signatures for outgoing emails.

Author: Christopher

(No Ratings Yet)

 Loading ...

Spammers are always using new tactics to get around spam protection; their latest tactic is using spam embedded into PDF documents. This makes it quite difficult for Anti-Spam products to detect these threats without increasing the false positive detections. Some Anti-Spam products just do not have the technology to detect these threats at all.

“Ultimately, filtering spam at the content level will become less and less effective. A better way to control spam is by considering the source of the message - the IP address of the mail server attempting to deliver the message” says David Salbego, Unix and operations manager of computing and information systems with Argonne National Laboratory, a division of the Department of Energy (DOE) operated out of the University of Chicago.

PDF spam currently accounts for 11% of all spam, and spam levels are on average at around 88% of all mail. Specialist expect the 90% barrier to be broken as soon as 30 days.

MX Police, our flagship email filtering Anti-Spam service utilizes advanced techniques such as sender reputation to maintain extremely high detection rates and amazingly low false positive rates. When we say “Bulletproof Your Email”; we mean it! Have a look at our datasheet for more information.

Author: Christopher

(No Ratings Yet)

 Loading ...