Beware of what you click on!
In the good old days, businesses could place a good anti-virus scanner on incoming mail and stop most problems. But those days are over. The MessageLabs Intelligence: 2007 Annual Security Report (PDF), issued today by MessageLabs, indicates that the nature of email spam has changed dramatically and is more dangerous. After one quick read of the report that came out this morning, I came away with a few thoughts:
- Spam is increasing and the criminal activity hidden in spam is increasing dramatically. The activities are more sophisticated and are aimed at getting information from you.
- The nature of spam is changing. It is becoming targeted and may contain lots of personal information. (See the quote below.) In addition, an increasing percentage of the problems come from malware that you only reach when you click on a link. This makes it harder to scan and makes legitimate email with a link harder to send.
- New communications channels -- especially instant messaging and social networking sites -- are being used to send out malicious software.
The report states that some cyber criminals have become very specific with their spam. They used the term "whaling" rather than "phishing" to describe the targets:
"Unlike more random attacks, these are more like surgical strikes, intent on stealing intellectual property or confidential information, and by the time the victim is aware of the attack, it is too late. ...
This time, in the first wave, the emails purported to be from the US Department of Justice, relating to a complaint filed against the company. The subject line copy included the full name of the recipient, and the full name of their organization. The attachment was a .ZIP file containing a .SCR, an executable using screensaver file extension, which contained the spying trojan.
In the second attack, the Better Business Bureau was this time used as the cover for the attack. The subject line was similar and referred to the full name of the recipient however the attachment format had changed; it included a .RTF formatted file with a .DOC extension, which again contained the spying trojan."
I received an email in one of these attacks (see my blog entry). Mine was supposed to be from the FTC and contained a .DOC file. It was very clever and convincing.
"In a double whammy of bad news, MessageLabs warn that spam is the most dominant menace on the IT security agenda with spam levels reaching a whopping 84.6 percent across the course of the year, plus of course the fact that 25 percent of email comes complete with a malicious link to take you directly to something very nasty indeed," said Davey Winder, the Happy Geek, and an all around good guy.
I am also increasingly concerned about the corporate need to scan messages internally. Imagine this scenario:
- User gets a document or link in his/her personal web mail account and downloads it.
- User forwards it internally to other users.
What happens to corporate protection? I am thinking that client-side scanning will be making a comeback.
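
Both attachment styles in the quoted report rely on a file's extension not matching what it really is, and that is something a scanner on the client or on the internal mail relay can check by looking at content rather than names. The sketch below is an added example, not code from the report or from this blog; the function names, the extension list and the size limits are assumptions, and the two sample attachments are constructed stand-ins.

```python
import io
import zipfile

# .scr is an ordinary Windows executable with a screensaver extension (list is illustrative)
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
MAGIC = [  # leading bytes of the formats involved
    ("rtf", b"{\\rtf"),
    ("ole2", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"),  # legacy binary .doc
    ("zip", b"PK\x03\x04"),
    ("pe", b"MZ"),
]
MAX_MEMBER = 1 << 20  # read at most 1 MiB per archive member
MAX_DEPTH = 3         # stop descending into nested archives

def sniff(data):
    return next((name for name, magic in MAGIC if data.startswith(magic)), "unknown")

def inspect_attachment(filename, data, depth=0):
    """Return a list of findings (strings) for one attachment."""
    findings, kind = [], sniff(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext in EXECUTABLE_EXTS or kind == "pe":
        findings.append(f"{filename}: executable ({ext or 'no extension'}, content={kind})")
    if ext == ".doc" and kind != "ole2":
        findings.append(f"{filename}: .doc extension but content is {kind}")
    if kind == "zip" and depth >= MAX_DEPTH:
        return findings + [f"{filename}: nesting too deep, not scanned"]
    if kind == "zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    inner = f"{filename}!{info.filename}"
                    if info.flag_bits & 0x1:  # encrypted: content cannot be checked
                        findings.append(f"{inner}: encrypted member, not scanned")
                        continue
                    with zf.open(info) as member:
                        findings += inspect_attachment(inner, member.read(MAX_MEMBER), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"{filename}: malformed archive")
    return findings

def build_samples():
    """Constructed stand-ins for the two attachment styles in the quoted report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("complaint.scr", b"MZ" + b"\x00" * 62)  # fake header bytes only
    return {"complaint.zip": buf.getvalue(), "complaint.doc": b"{\\rtf1\\ansi constructed sample}"}
```

Calling `inspect_attachment` on each entry of `build_samples()` yields one finding per sample, while a plain text file or a genuine binary .doc yields none.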