Spam Blockers Losing Ground on Sophisticated Attackers


This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."


All of these techniques are predicated upon the nameless, faceless attacker and the mass of random victims. But special victims have a big target on their backs. Increasingly, spammers' preferred mechanism is a "one-to-one" marketing approach. Targeting specific victims with highly customized and personal attacks called "whaling," they are going after high-profile, high-net-worth whales. Because these messages and/or attachments include personal information, they are very difficult to detect as spam.

Sandra Vaughan, VP of marketing and products for Proofpoint, sees these attacks frequently: "For example, a realty/property management customer of ours received a 'government agency compliant'-type phish which listed a lot of detail about the target organization, including the addresses of properties that they no longer manage."

This problem is going to get worse because the bad guys are building replicable business processes to continue leveraging information.

"Some of the more sophisticated criminal organizations now have the power and data to build their own ChoicePoint-like databases of millions of victims for whom they have been able to obtain Social Security numbers, mail/email addresses, phone numbers and other personal information," says Dmitri Alperovitch, director of intelligence analysis for Secure Computing.


We will continue to see new attacks targeted at the increasingly soft underbelly of today's information systems, such as voice over IP, mobile devices, blogs and other social networks. Here is a brief overview of some of these emerging attacks:
  • SMSing. Since mid-2007, a new attack targeting the global base of SMS users has been publicized. Because user interaction over SMS is limited, the impact of this attack was minimal, but it's certainly the shape of things to come.

  • Vishing. Secure Computing has detected an increasing number of attacks targeting voice-over-IP users. The attackers spoof caller ID information, making it very difficult to track the origin of a caller.

  • Facebook attacks. We've also seen an increase in attacks on the leading social networks like Facebook, MySpace and a variety of blogging services. We've only started to scratch the surface on how these services will be exploited to further the agenda of the bad guys.

These attacks are nothing more than nuisances now, but at some point they will become more real, and these computing platforms are literally five years behind email in terms of being able to detect and block an attack.

To Outsource or Not to Outsource?

As the antispam business has evolved, outsourcing to a specialized email security service provider is becoming an attractive alternative to deploying and managing an on-premises gateway. The decision to outsource is largely becoming a religious issue, as these managed services are providing topnotch detection and transparent scaling as spam volumes have skyrocketed over the past three years.

Google acquired Postini last year and is starting to drive down the price of these managed services to roughly a third of what it was at this time last year. As with every other technology market, prices tend not to go back up, so customers will enjoy an increasingly steep cost curve as prices continue to fall.

For customers needing a dedicated gateway due to either highly sensitive email traffic or the need for very granular and specific content filtering controls, Proofpoint offers a "virtual gateway" option as part of its Proofpoint On Demand service. Customers can purchase their own virtual gateway that runs in Proofpoint's cloud to give them the advantages of a managed service and the granularity that a dedicated gateway provides.

Most of the major antispam vendors provide a service-based alternative, so we could see the day when all but the largest, most specialized environments choose one of these managed service options over an on-premises gateway.


This was first published in June 2008
