Security Management Strategies for the CIO
|
Spam hasn't been "solved"; in fact, the scourge has grown worse as attackers continually trump counter-measures and refine their focus on high-value targets.
As with any conflict, it's instructive to understand how and why it started, how it is being fought and what we can expect. Spam started primarily as a marketing vehicle. Sending email to harvested lists was the most cost-effective way to get a message out; a very small percentage of responses to these mass mailings was enough to turn a profit. It wasn't long before spam was used to carry malicious payloads. Ranging from Melissa, I Love You and MyDoom to the most recent scourge, Storm, the email attack is here to stay. The reason is pretty obvious: the attack mechanism remains as profitable as ever. Sophisticated spammers bring traditional direct marketing tactics to the table, innovating with new campaigns, tracking responses and refining the programs. The rise of PDF spam at the end of 2006 is a great example. PDF spam, designed to evade detection by email security tools, disappeared as quickly as it appeared because it didn't get |
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
| the same response rates as other techniques.
So we've seen the bad guys return their focus to more traditional methods like plain text and HTML formatted messages, according to Mark Sunner, chief security analyst of email security service provider MessageLabs. They still continue to try new ways to more effectively monetize PDF spam, tuning the offers and subject lines to increase response. It's a multibillion-dollar business and growing rapidly, so it's no surprise that organized crime is involved, investing heavily in networks that focus on stealing identities and monetizing those identities over time.
The battle escalated as the bad guys started to morph their messages by adding random strings and text that would thwart signature detection. Security researchers countered by developing Bayesian filters and other heuristic detection techniques to more effectively catch this frequently changing spam. Fast forward a year or two to 2003-04: All of these techniques were optimized into a spam "cocktail," which determined the relative weighting of these detection mechanisms to maximize effectiveness. In 2005, reputation-based detection was born, as antispam vendors realized you could determine the likelihood of a sender's intent based on IP address. Known spammers were quickly blocked, and it became a lot harder to get a message into the inbox. Now, the bad guys increasingly use bots to obscure their true identities and intentions. Since the bot is anonymous and tends not to have a "bad reputation," bots are very effective for a short period of time.
|
This was first published in June 2008
Join the conversationComment
Share
Comments
Results
Contribute to the conversation