THREAT MONITOR

Don't get caught in the spam and malware web


Ed Skoudis
05.06.2004


Malware and spam are working together in a vicious cycle. Attackers use spam to spread backdoors to machines via mass e-mailings. Unwitting users execute these e-mail attachments, thereby installing the backdoor onto their systems. Attackers then use the newly infected system as a bounce-off point to send even more spam while laundering their source address and evading e-mail server antirelay and filter settings. This cycle continues millions of times over, keeping us in an ugly, frustrating loop.

But we can kill these birds of a feather -- malware and spam -- or at least severely limit their spread. First, it's time to get serious about spam protection in your organization. Fighting spam is no longer just about sparing users from commercial solicitations to increase the size of their body parts, nor is it just an issue for your messaging and capacity planning teams. Spam fighting is now a bona fide security issue, just like firewalls, IDS and antivirus. Therefore, your security personnel need to be involved in the design, deployment and regular assessment of antispam solutions.

Secondly, apply antivirus filters at all of your mail servers, especially that critical first set of mail servers that accept e-mail from the Internet. Although it's a tough battle, the antivirus vendors try to keep up with the rapid release of mutant backdoors spread via spam. Used in conjunction with an antispam filter, your mail server antivirus tool will cut off the vast majority of e-mail-borne malicious code before it infests your network. These filters should screen out all executable attachments coming from the Internet. Keep in mind that executable code can come packed in a variety of forms beyond the familiar .exe, .scr and .pif files. In addition to those three, your filter should also drop files with these extensions: .bat, .com, .dll, .drv, .hta, .js, .ocx, .shs, .sys, .vbe, .vbs, .vxd, .wsf and .wsh.
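The attachment screen described above can be sketched as follows. This is an added example, not code from the original tip or from any mail product: the function names are hypothetical, the sample message is constructed, and it matches on file name only, covering the cases a naive suffix check misses (mixed case, double extensions, trailing dots, attachments inside a forwarded message).

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions the article says to drop at the Internet-facing mail server.
BLOCKED = {".exe", ".scr", ".pif", ".bat", ".com", ".dll", ".drv", ".hta", ".js",
           ".ocx", ".shs", ".sys", ".vbe", ".vbs", ".vxd", ".wsf", ".wsh"}

def blocked_extension(filename):
    """Return the blocked extension a filename ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still opens as .exe.
    name = filename.rstrip(". \t").lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED else None

def scan_message(raw_bytes):
    """Return (filename, extension) for every MIME part that should be dropped."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    # walk() also descends into forwarded message/rfc822 parts.
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type "name".
        filename = part.get_filename()
        ext = blocked_extension(filename) if filename else None
        if ext:
            hits.append((filename, ext))
    return hits

def build_sample():
    """Constructed message: one harmless and three blocked attachments."""
    def attach(m, name):
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=name)
    inner = EmailMessage()
    inner.set_content("forwarded body")
    attach(inner, "notes.vbs")
    outer = EmailMessage()
    outer["From"], outer["To"] = "sender@example.com", "user@example.org"
    outer["Subject"] = "constructed sample"
    outer.set_content("See attached.")
    for name in ("report.pdf", "Invoice.PDF.ScR", "update.exe."):
        attach(outer, name)
    outer.add_attachment(inner)  # nested as message/rfc822
    return outer.as_bytes()

if __name__ == "__main__":
    for filename, ext in scan_message(build_sample()):
        print(f"DROP {filename!r} (matched {ext})")
```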

Finally, educate your users about safe computing practices. Today's spammers spread malicious code by preying on the ignorance of our users or employing subtle trickery to get them to run an attachment. Recent specimens spread malicious code by spoofing source e-mail addresses from your own e-mail team, Internet administrators and even various CEOs. Many users were duped by such schemes and ran the attachment from these apparently trustworthy sources. Warn your users never to click on an executable attachment, even if it appears to come from someone they know.

Thwarting the vicious malware and spam cycle requires thorough effort by all of us in the security community. By applying these tips, your organization can do its part to chip away at the avalanche of these nasty attacks, making the Internet a far safer place.

About the author
Ed Skoudis is a security consultant with International Network Services, and the author of the books
Malware: Fighting Malicious Code and Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
