Steve's Views Rotating Header Image

March, 2008:

The threat from email

TRACE (Threat Research and Content Engineering) is a group of Marshal security analysts who constantly monitor and respond to Internet security threats. TRACE provides a service to Marshal customers as part of standard product maintenance. The service includes updates to Marshal’s unique, proprietary anti-spam technology, SpamCensor. TRACE analyzes spam, phishing and Internet security trends and provides frequent automated updates to Marshal customers. TRACE also provides “Zero Day” security protection to secure Marshal customers against new email and virus exploits the day they emerge.

There are several terms that are typical in this area:

Phishing, is a play on the word fishing, and does pretty much the same but for information instead of fish. By gathering information from computers and or people they gain enough of an edge to gain access and control over others computers.

Malware is software which is written to basically help cyber-criminals gain information and access to other peoples computers and networks. It might be hiding in web code (html) or some attachment like an mp3 or pdf file.

A Botnet is a network of “contaminated” computers that are under the control of the cyber-criminals. It is used to send bulk emails and to conduct mass attacks.

“It would be incomplete to discuss spam without commenting on the
malware and criminal activity that sustains it. Distributing spam and
malware is firmly in the domain of professional criminals looking for
financial gain. In the last six months, cyber-criminals have, unfortunately,
reached new heights of sophistication and capability.

“Not only have the large botnets taken over in terms of spam volume, they
have also evolved to reach new levels of sophistication. During the middle
of 2007, the Storm botnet grew rapidly following mass spamming of emails
containing links to websites hosting malicious code. The websites not
only hosted executable files that could be downloaded by users, but they
also hosted malicious code that attempted to exploit a number of different
known browser vulnerabilities.

The above are quotes from www.marchal.com. The link points to a page where you can read the whole report, and others.

In the report Marshal talks about cyber-criminals, “They operate in a thriving underworld marketplace where services, software tools, and software development are freely bought and sold. Computer skills are no longer necessary to execute cybercrime.”

They point out that in a recent case a botnet was rented out for $200/week which a spammer can use to send 100 million spam messages. With the considerable income from naive Internet shoppers a lot of money can and is made, which is of course what is attracting people who feel unable to earn an honest income.

Big sites are also hacked to help distribute the malware. MySpace, monster.com are but two examples. By generating a large amount of accounts with gmail, hotmail and the like they are able to spam from these accounts in bulk.

I strongly recommend that if nothing else you read the conclusion and recommendations at the last two pages. (marshal.com)