By Gene J. Koprowski TechNewsWorld
06/17/06 1:30 AM PT
"The sheer volume of IM attacks is a dramatic demonstration that we're in an environment where hackers, knowing that most organizations are still unprotected against IM malware, are rapidly adopting IM for their attacks," said Andrew Lochart, senior director of marketing for Postini, a messaging security firm based in San Carlos, Calif.
Crystal Reports - Discover the Latest Innovations. Download a free trial, view real-time 'behind the scenes' functionality, and learn about new Crystal Reports Server trade in options! Learn more.
Nearly every e-mail consumers receive -- some 86 percent -- is considered spam, either malicious or simply "unwanted content" today, a new study provided to TechNewsWorld demonstrates.
"Of the 25 billion messages we processed in May, an astounding 86 percent were malicious or spam," said Andrew Lochart, senior director of marketing for Postini, a messaging security firm based in San Carlos, Calif.
As if that wasn't enough of a headache for corporate IT departments, instant messaging spam soared by 500 percent last month, just as businesses are embracing the technology for customer communications, and increasing their own usage of IM by 138 percent.
Two-Pronged Attack
"The combined increase in e-mail and IM indicates that malware writers now use a two-pronged approach to attack enterprise communication infrastructure," said Lochart.
Researchers said that antivirus experts last month stopped an array of viruses and worms, including Browaf, Tilebot and Khoobe, from infiltrating customers' networks via either e-mail or IM networks. Thus, threat prevention is emerging as a top priority for IT departments, followed by the visibility into, and control over, who within an organization is using public IM and e-mail.
"The fact that IM messages more than doubled in just one month shows the rate [at which] companies are adopting IM as a mainstream business communications tool," said Lochart. "The sheer volume of IM attacks is a dramatic demonstration that we're in an environment where hackers, knowing that most organizations are still unprotected against IM malware, are rapidly adopting IM for their attacks. That being said, IM attacks are still only a fraction of the number of e-mail attacks, so it's important companies keep up their guard on both fronts."
Last month, Postini alone processed more than 25 billion e-mail messages, a 13 percent increase from April, with more than 86 percent of all traffic being "malicious or unwanted" content. Of the 25 billion e-mail messages, an astounding 65 percent of those messages were rejected at the network layer -- the only place to stop attacks like DHAs, i.e., directory harvest attacks, and DoS, or denial of service attacks, where there is absolutely no content in the body of the message to analyze with standard filtering techniques.
According to the Postini research report, the top five viruses last month were as follows:
MyTob: 5,206,192
Netsky: 2,492,450
Swen: 1,340,982
Mydoom: 803,051
LovGate: 788,252
Specific Groups Targeted
Sometimes, the fraudsters target specific groups of people. The Federal Trade Commission last week warned veterans to be wary of e-mail scams that take advantage of their fears arising out of the theft of a computer containing sensitive information on 26.5 million vets and active duty service members. Noting that "in the past, fraudsters have used events like this to try to scam people into divulging their personal information by e-mail," the FTC told veterans and their families to watch out for phishing attacks purporting to be from the government.
The FTC advised veterans as follows:
Do not give your personal information over the Internet unless you initiated the contact and know -- or can confirm -- with whom you are dealing.
Never click on links sent in unsolicited e-mails.
The VA and other government agencies do not contact people by e-mail or telephone either to ask them for -- or to confirm -- Social Security numbers or other personal information.
In reality, veterans' data that was stolen is in a format that is not usuable by anyone except the government. An internal memo drafted by a Veterans Administration (VA) privacy executive who was investigating the data theft at the agency said that the stolen records on 26.5 million veterans were stored in a digital format that would be difficult for the thief to actually use. According to the memorandum, the criminal who stole the information would need "specialized application software and training to access and manipulate the data for use."
What is more, according to John S. Quarterman, Internet Security expert, and president of Internetperils, an IT security consultancy, finding the source of large-scale phishing attacks is getting easier. His firm, working closely with the Anti-Phishing Working Group, recently helped help banks physically locate servers that phishers were using for their scams in Florida.
Payment Alternative Uses E-Mail, Online Banking to Thwart ID Theft June 15, 2006
"Finding ways to make consumers more comfortable buying online is a growth market," Marwan Forzley, President and CEO of MODA Solutions, told the E-Commerce Times. "We have taken a fairly simple approach to addressing this issue and our solution benefits everybody in the value chain -- the consumers and the merchants."
Related Stories
Software Firms Strive to Improve E-Mail Reliability May 30, 2006
"With Exchange 2003, Microsoft put some robust reliability functions into place," said Peter O'Kelly, research director at market research firm Burton Group. With that version, the company added functions such as clustering that can help a company keep its systems online.
US Still Holds Spam Crown, China Challenges April 21, 2006
"Although we're seeing a worldwide increase in zombies, hijacked PCs infected by malware, Americans have vigilantly increased protection on their computers from malicious hackers resulting in a significant decrease in spam coming from the United States," said Ron O'Brien, senior security analyst at Sophos.
Microsoft Takes Another Step in Fight Against Spam April 19, 2006
"SenderID is quickly becoming a de facto means for e-mail communication. It's certainly not the only one. There are a number of for-fee organizations, like Goodmail, providing reputation services," Maurene Caplan Grey, founder and principal analyst Grey Consulting, told TechNewsWorld.
Related News Alerts
More by Gene J. Koprowski
Mobile Phone Network Operators React to WiFi Threat September 09, 2006
"From a strategic and financial standpoint, the routing of traffic through the IP network significantly enhances network quality and capacity, and reduces the OPEX (operational expenditures) that carriers expend on backhaul," noted ABI Research analyst Stuart Carlaw.
Apple's 'Special Event' Has Rumor Mill Churning September 06, 2006
Apple surprised technology journalists and Wall Street analysts Tuesday with an e-mail saying there would be a "special event" next week. Embedded within the Apple invitation is an interesting image of spotlights shining upon the Apple logo with the words, "It's Showtime," printed beneath it. This is giving many analysts a Hollywood kind of feeling.
Restless IT Workers Looking for New Jobs September 04, 2006
"Tech workers who stayed put in their jobs over several years of uncertainty in our industry are clearly looking to move on now that we're in a period of growth," said Neill Hopkins, vice president, skills development, CompTIA.