SPAMMERS USE VALID WEBMAIL ACCOUNTS, REPORTS CYBEROAM
Attackers use blended attacks; hijack legitimate content, sites and senders to increase penetration
Ahmedabad, India 23 October, 2008
Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, today announced the Q3 2008 email threat trend report, prepared in collaboration with partner Commtouch. The report reveals spammers’ techniques for hiding their bad reputation through the use of valid or reputed mail servers, mainly web mail accounts. Malware hidden in legitimate sites is on the rise. Spammers continue to use attractive content, like celebrities and doomsday announcements, for greater effectiveness.
With improving filtering tactics, spammers found new ways to send spam from legitimate mail servers and domains instead of sending email from a known spam IP address or an infected bot server. They are stealing legitimate email senders’ credentials, compromising email account enrollment processes and automatically registering thousands of free email accounts, mainly by using algorithms to break CAPTCHAs, which are meant to eliminate mass automated registrations.
Spam with gruesome videos, doomsday announcements, celebration days, love mails and celebrities made for massive blended attacks, playing on user psychology and curiosity. Often, the malicious content, including flash spam among others, was hosted either on legitimate sites that have been hacked or on popular public platforms like Blogspot or Flickr, taking advantage of security solutions’ reluctance to generate false positives.
Says Abhilash Sonwane, VP-Product Management, “Given the blended nature of attacks, unified security that includes anti-virus, anti-malware and content filtering solutions provides second and third layers of protection by preventing downloads of malware from websites and preventing users from accessing malware-laden sites inadvertently. Even though having a strong anti-spam solution at the gateway stops spreading of spamware through official email addresses, malware-linked spam can slip in through personal email IDs. Building user awareness and enforcing responsible surfing behavior in corporate networks prevents such threats significantly.”
Ironically, spammers also played upon users’ desire to defend themselves against web-based threats: an email like ‘firstname.lastname@example.org’ was designed to look like a notification of an update to the popular IE7 web browser, complete with a disclaimer from the Microsoft site. Users who clicked on the link were hit with a nasty executable file.
Although reputation-based solutions are continuously improving at blocking zombies, with over 55% of zombies or bots having a lifespan as short as a single day, the solutions need to be continuously updated to maintain accuracy. Germany and China showed the fastest zombie IP address turnover at 79% and 78% respectively. While Telecom Italia and Verizon remained in the Top 7 zombie hotspot domains, ukrtel and Airtel Broadband are the new entries and Brasil Telecom slipped below the top ten.
Cyberoam uses the Commtouch RPD™ technology to analyze large volumes of Internet traffic in real time. Unlike traditional spam filters, it does not rely on email content, so it is able to detect spam in any language and in every message format (including images, HTML, etc.), non-English characters, single and double byte, etc. Its language- and content-agnostic nature enables it to provide effective spam blocking capabilities.
Cyberoam incorporates this technology within its unique identity-based UTM appliances, which deploy user identity-based functionality across all of its features. A departure from traditional IP address-dependent solutions, Cyberoam determines precisely who is doing what in the network, providing IT managers with stronger policy control and clearer visibility of activity.
Cyberoam identity-based UTM appliances offer comprehensive protection against existing and emerging Internet threats including viruses, worms, Trojans, spyware, phishing, pharming and more. Cyberoam identity-based solutions provide the complete range of security features expected in a traditional UTM platform such as Stateful Inspection Firewall, VPN, Gateway Anti-Virus and Anti-Spyware, Gateway Anti-Spam, Intrusion Prevention System, URL/Web Content Filtering in addition to Bandwidth Management and Multiple Link Management over a single platform. Cyberoam solutions are certified by the West Coast Labs with CheckMark UTM Level 5 Certification, ICSA Labs, an independent division of Verizon Business, and the Virtual Private Network Consortium. Cyberoam has also received the Frost & Sullivan Emerging Vendor of the Year award for 2008 and was rated Positive by Gartner in its Marketscope for SMB multi-function firewalls. Cyberoam has offices in India, Woburn, MA and Asia-Pacific. For more information, please visit www.cyberoam.com
About Elitecore Technologies
Elitecore Technologies is the global provider of Cyberoam identity-based UTM appliances. Elitecore’s other divisions include Crestel Convergent Billing Solution that meets the voice, data, video billing and customer care requirements of Tier-1 service providers and 24online Billing and Bandwidth Management Solution that meets billing and bandwidth requirements for hotels, hotspots and Internet service providers. Elitecore has a strong R&D base and support center in India. Ever since its inception, it has sustained a healthy growth rate of over 100%. For more information, please visit www.elitecore.com
L. K. Pathak