
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
28 January 2008  

Combating the Spam menace

85% Spam=productivity hit

The exponential increase in spam has left everyone baffled. The rate at which it is increasing and breaching all security barriers paints a dismal picture, says Neeraj Gandhi

Beware! The next time you open an e-mail message to view a Christmas or a birthday card, you could actually end up downloading viruses onto your system or revealing confidential information that you never wanted to share. This is because a substantial number of e-cards are spam and not actual wishes. Even the slightest degree of inattention could turn joy into sorrow and may even prove to be a highly costly affair.

The Indian spam meter is pointing in the high alert zone. 2007 saw a surge in the volume of spam detected on a daily basis. According to a report titled ‘2008 Internet Security Trends’ released by Cisco and IronPort Systems, spam volumes have increased 100%, to over 120 billion spam messages daily. This means approximately 20 spam messages per day per mailbox in existence.

Here are some interesting statistics on spam.

  • Spam topped the security threat list in 2007
  • “Two out of every three email messages received by today’s business users are spam”—Nucleus Research (2007).
  • “Users are spending 16 seconds identifying and deleting each spam message, which translates into an annual cost of $70 billion to all U.S. businesses”—Nucleus Research (2007)
  • Even more disturbing is “at least 90% of e-mail reaching corporate servers is spam”—Nucleus Research (2007)
  • According to a CA report, of the 90% of e-mail that is spam, 80% had links to malware or malicious sites, while spam has become harder to detect.

Whichever figure is right doesn’t really matter: the truth is that spam is getting worse, and fast, no matter how many laws are passed outlawing this nuisance.

It is not only the sheer numbers that have left security vendors baffled. The fact that spam has succeeded in getting past the anti-spam solutions that were deployed has been the biggest cause for concern. Another finding is that spam has become more dangerous: spam attacks in the past were primarily selling some type of product, but in 2007 more than 83% of spam contained a URL. In accordance with a trend towards the blending of different malware techniques, URL-based viruses increased 256%.

Categorizing Spam

Spam has evolved strongly over the past few years from being merely unsolicited mail into a serious security threat that comes through your e-mail inbox. More than a nuisance, it has become a potential security threat. The current generation of spam attacks is targeted and more destructive to the e-mail infrastructure of an organization and to business productivity than ever before.

That said, even the definition of spam has changed over the years. Gone are the days when spam was all about selling a product or service. Spam today comes in different flavors, and is more harmful, with destructive characteristics. Additionally, one gets spam not only through e-mail, but even when one visits a blog, chats with a friend, browses a community forum and even on a mobile phone. What makes spam more deadly is the fact that it is omnipresent in the digital environment.

Broadly speaking, spam can be categorized into junk mail, commercial and non-commercial spam, offensive pornographic spam and marketing spam. Spam can also be classified as malicious and non-malicious.

“In India, almost 85% of all e-mail received by large organizations was spam. The most popular variety was Stock ‘Pump & Dump’ spam, Viagra & Fitness (Health), Image followed by pornographic spam,” said Ambarish Deshpande, Regional Director, India and SAARC, IronPort Systems.

Spam has increased globally; India is no different. What is astonishing is the alarming rate at which it has increased. “We observed a dramatic resurgence of spam in 2007, peaking at 72% of all e-mail traffic. Since 2006, spam levels have steadily increased from accounting for 56% of all e-mail to an all-time high of 72% in the recent months. Several spam ‘firsts’ were also marked in 2007, including the usage of MP3s and videos and Google alerts and searches,” said Prabhat Singh, Director, Symantec Response Operations, Symantec India.

Deshpande added, “Globally, there were roughly 90 billion spam messages being sent daily. If we were to compare this to earlier trends we can see that the volume is increasing significantly. In 2006 the daily spam email volume stood at 80 billion but in 2005 it was 40 billion. We are expecting spam to rise to 120 billion in 2008.”

Wing Fei Chia, Security Response Team Manager, F-Secure said, “Spam hit an all time high in 2007 and we are expecting a continuous uptrend in 2008 and 2009 as well. As for India, a conservative guesstimate would probably be around the region of 35%. Spam in the next two years will come in bulk, be more sophisticated and targeted.”

According to Niraj Kaushik, Country Manager, SAARC, Trend Micro, “Spam used to be the small irritant that most enterprises used to ignore. Today it has taken the shape of a huge calamity. Enterprises not having a policy to curb spam will eventually see their profitability and productivity being affected. The problem is compounded by the fact that some companies still use old mail servers that allow them to be used as relays.”

In terms of categories of spam, Ajit Pathak, Country Manager, Sales Operations, SecureSynergy, said, “Today roughly 90% of e-mail traffic is considered spam, the pharmaceutical and enhancers spam is still the most common (roughly 35%). Other categories such as loan, real estate, stock pump and dump are sub 15% and the rest is software and pornographic which is 5%.”

This leads one to wonder if it’s a lack of security adoption that has led to the rise of spam. Kartik Shahani, Regional Director, India, McAfee Inc, said, “The increase in spam is also due to the increase in the number of Internet users. It is also important here to note, that spammers today are dictated by a strong financial motive, rather than just creating a nuisance and playing a game of oneupmanship.” He continued that spam is cheap and fast when used as a marketing tool. It is natural that any unscrupulous person would resort to this. The uncontrolled domain of the Internet makes it easy for spammers to continuously change addresses and identity. He also attributes the growth of spam to the increase in Internet access.

What is intriguing is the irony of it all, that none, not even the vendors are safe from spam. “Personally, I get around 100 spam messages each day in my own personal inbox and the most common type of spam being enhancing manhood followed by replica watches for sale. I presume those fall under the category of product making it the most popular,” added Chia.

Spam Cocktail
Spam cocktail refers to the use of different anti-spam techniques in combination to successfully identify and minimize spam. This is used to counter blended attacks, where a spammer pushes all the different ways of spamming (image, PDF, MP3 etc.) into one single message. The multiple levels of security and identification techniques in a spam cocktail help block the spam.

Some of the techniques used in Spam cocktail are:

  • Reverse DNS lookup: Checking whether the IP address matches the domain name from which a message is coming.
  • Anomaly based: Checking whether the mail looks abnormal in terms of size, signature, attachment etc.
  • Rule-based filtering: This technique consists of a set of rules that determines the behavior of an email and gives it a score. If the score is above the threshold, then it can be almost certain that it is spam.
  • Content filtering: Using programs that look for specific words or criteria in the subject line or body of a message.

Eating bandwidth

It is important to note here that spam not only creates an unbearable nuisance, but that it can also damage a system. Spam mails can contain viruses, spyware and Trojans, which could either corrupt the entire network in an enterprise or lead to loss of confidential information. That’s not all, however.

“Bandwidth is a precious resource in a corporate network. Spam essentially eats up a lot of bandwidth. This in turn reduces the productivity. It also clogs the mail server, and a lot of time is wasted in deleting spam,” said Shahani.

It becomes important for any enterprise to guard their network from spam by deploying suitable anti-spam solutions. Essentially these solutions are armed with different techniques to identify spam and prevent it from entering a network. Protection from spam is done at two levels—outgoing and incoming. The former corresponds to protection at the mail server level. The latter refers to protection at the gateway. Anti-spam appliances can be deployed to ensure this.

Common anti-spam techniques include:

  • Rule-based filtering: This technique consists of a set of rules that determines the behavior of an e-mail message and gives it a score. If the score is above the threshold, then it can be almost certain that it is spam.
  • Host-based filtering: Also known as a blacklist. This methodology detects and blacklists hosts or domains that are known offenders.
  • Whitelisting: Under this methodology a list of trusted e-mail addresses or domains is maintained that are legitimate and all communication from these will be fully trusted. All other mail is flagged as spam.
  • Bayesian statistical analysis technique: This technique filters spam based on a user’s previous actions of deleting spam and calculates the probability that the next e-mail message that arrives is spam.
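
The "spam cocktail" and the techniques listed above can be combined in one scoring pipeline. The sketch below is an added example, not code from the article or from any vendor quoted in it; all hosts, addresses, rules, weights and training messages are constructed, the whitelist is used only as an allow shortcut, and the reverse DNS check is left out because it needs live lookups.

```python
import math
import re
from collections import Counter

# Constructed sample data: every host, address, rule and weight here is illustrative.
BLACKLIST = {"mail.bulk-sender.example"}   # host-based filtering: known offenders
WHITELIST = {"billing@partner.example"}    # whitelisting: trusted senders
RULES = [                                  # rule-based filtering: (pattern, score)
    (re.compile(r"https?://", re.I), 1.5),
    (re.compile(r"\b(buy now|act fast|winner)\b", re.I), 2.0),
    (re.compile(r"[A-Z]{6,}"), 1.0),
]
THRESHOLD = 3.0

def tokens(text):
    return re.findall(r"[a-z]{3,}", text.lower())

class Bayes:
    """Naive Bayes over word counts, trained on mail the user deleted or kept."""
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.docs = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.counts[label].update(tokens(text))
        self.docs[label] += 1

    def spam_probability(self, text):
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        log_odds = math.log(self.docs["spam"] / self.docs["ham"])  # class prior
        for label, sign in (("spam", 1), ("ham", -1)):
            total = sum(self.counts[label].values())
            for t in tokens(text):  # Laplace smoothing handles unseen words
                log_odds += sign * math.log((self.counts[label][t] + 1) / (total + vocab))
        log_odds = max(-50.0, min(50.0, log_odds))  # avoid overflow in exp()
        return 1 / (1 + math.exp(-log_odds))

def classify(sender, host, body, bayes):
    """Return (verdict, reason); cheap list checks run before content scoring."""
    if sender in WHITELIST:
        return "ham", "whitelist"
    if host in BLACKLIST:
        return "spam", "blacklist"
    score = sum(weight for rx, weight in RULES if rx.search(body))
    score += 4.0 * bayes.spam_probability(body)  # statistical verdict joins the rule score
    return ("spam" if score >= THRESHOLD else "ham"), f"score={score:.2f}"

def demo_filter():
    """Train on four constructed messages standing in for a user's history."""
    b = Bayes()
    b.train("cheap pills buy now limited offer", "spam")
    b.train("hot stock tip buy now huge profit", "spam")
    b.train("meeting agenda for monday attached", "ham")
    b.train("please review the quarterly budget report", "ham")
    return b
```

A message such as "buy cheap pills now" trips none of the fixed rules yet is still flagged, because the Bayesian term alone carries it past the threshold; that layering is the point of combining techniques.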

Different kinds of Spam

  • Stock spam: Also known as 'pump and dump' spam. This type of spam spreads rumors about a particular company listed on the stock exchange and how positive the outlook of the company is, with a very strong recommendation to buy the stock. The whole idea of stock spam is to push penny stocks up after the criminals behind it have purchased large volumes of the stock, so that they make a healthy profit from it.
  • Phishing spam: This type of spam always has a URL in the body of the email and asks you to verify your account, tricking an unsuspecting user into clicking on the phishing link in order to steal login information for anything from the user's eBay account to an online bank account.
  • Scam spam: This type carries a job offer, a request for donations from a fake relief organization, a demand for a processing fee for a lottery that you won without realizing it, or an invitation to invest in a very promising business opportunity that never existed. The objective of this sort of spam is to trick one into giving money away or, in the case of the money mule, into committing money laundering without suspecting it.
  • Malicious ‘recruitment’ spam: This spam is used by spammers to expand their current list of infected computers. One example is the Storm worm, which sent tons of spam with an attachment in the beginning and now sends a link to a malicious site; users who click on it get infected and become part of the botnet. The other is Zlob, which uses the list of infected computers to control the Web sites that users visit, generating referral revenue and convincing users that their computer has been infected so that they buy rogue anti-spyware products.
  • Instant Messaging and Chat Room spam: Instant messaging spam, sometimes termed SPIM (a portmanteau of spam and IM, short for instant messenger), makes use of instant messaging systems, such as AOL Instant Messenger, ICQ or Windows Live Messenger.
  • Con spam: The objective of this type of spam is to cheat people in order to get personal information. This type relies heavily on identity theft and phishing attempts.
  • Image/PDF spam: This type is designed specifically to fool the system, and is generally malicious in nature. Since a PDF attachment looks authentic, it becomes difficult to identify this type of spam.
  • Mobile phone spam: Mobile phone spam is directed at the text messaging service of a mobile phone. This can be especially irritating to customers not only for the inconvenience but also because of the fee they may be charged per text message received in some markets.
  • Spam targeting search engines: Also known as spamdexing (a portmanteau of spamming and indexing), this refers to the practice on the World Wide Web of modifying HTML pages to increase the chances of them being placed high on search engine relevancy lists.

Spammers are getting smarter

Even though a host of anti-spam solutions and techniques are available, spammers still somehow manage to breach security and enter the network.

According to an IronPort-Cisco report, 2007 has seen a proliferation of different attachment types used in spam. Spammers are using these different attachments in order to try and get past e-mail security gateways that are unable to look into complicated file types like PowerPoint and zip files. In 2005 and 2006 there were only a couple of different attachment types seen overall; in 2007 there have been outbreaks of spam campaigns using at least twenty different attachment types.

“There is no doubt that spammers are getting smarter and more creative. They are coming up with new techniques and are finding new ways to send spam. But that does not mean that Anti-spam solutions are not working. Every time spammers come up with a new way of sending spam, a counter solution is available. This whole scenario of security vendors versus the spammers is like a game of chess, and will continue as long as good and bad people remain,” said Rajendra Dhavale, Consulting Director CA, India/SAARC.

It should be noted here that the basic method of sending spam has not changed. Instead what has come to the fore is the manner in which spammers are sending spam. “The recent attacks of spam saw the emergence of new types of spam. It changed the face of this industry. These types of spam are classified as Image spam, PDF spam, Excel spam and MP3 spam,” said Deshpande.

Other tactics include using medical terms for keywords or replacing certain letters in the keywords with symbols in order to fool the security system, sending spam in PDF format since it looks more authentic, using catchy and attractive headlines, sending adult content etc.

“Last year saw the surge of spam with image spam. Some of the techniques being employed by spammers to get the image-based ads into the mailbox are so subtle; they are virtually imperceptible to the naked eye. The spammers keep utilizing more elaborate avoidance techniques to get their ads to your mailbox and it ends up being the classic cat and mouse game,” said Singh.

What’s next?

Spam has not been limited only to desktops and the enterprise network. In fact, as large businesses are extending their corporate network to the mobile workforce, e-mail security threats have been extended to handheld devices as well. “Handheld devices could be vulnerable. Though the use of such devices is limited, as the number of users is less, these devices will become the next target of attacks once they are used for financial transactions,” said Shahani.

Deshpande said that with handheld devices, employees have even greater freedom to work from any location and still have access to their company’s servers. This increases the chances for online threats as many of these devices do not have the required Web or e-mail security software. Data leakage is another problem that could be faced, where hackers could steal or read sensitive information on emails being sent from handheld devices.

That’s not all. Going ahead one could also see a sharp rise in SMS and voice spam. We definitely see SMS spam as a growing threat. As for voice spam, VoIP is becoming a popular technology. Voice spam may be employed by spammers to lure users into either buying pirated goods or divulging sensitive information.

neeraj.gandhi@expressindia.com

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.