Malware and spam are working together in a vicious cycle. Attackers use spam to spread backdoors to machines via
mass e-mailings. Unwitting users execute these e-mail attachments, thereby installing the backdoor onto their systems. Attackers then use the newly infected system as a bounce-off point to send even more spam while laundering their source address and evading e-mail server antirelay and filter settings. This cycle continues millions of times over, keeping us in an ugly, frustrating loop.
But we can kill these birds of a feather -- malware and spam -- or at least severely limit their spread. First, it's time to get serious about spam protection in your organization. Spam isn't just about preventing user harassment by commercial solicitation to increase the size of their body parts nor is it just an issue for your messaging and capacity planning teams any more. Spam fighting is now a bona fide security issue, just like firewalls, IDS and antivirus. Therefore, your security personnel need to be involved in the design, deployment and regular assessment of antispam solutions.
Secondly, apply antivirus filters at all of your mail servers, especially that critical first set of mail servers that accept e-mail from the Internet. Although it's a tough battle, the antivirus vendors try to keep up with the rapid release of mutant backdoors spread via spam. Used in conjunction with an antispam filter, your mail server antivirus tool will cut off the vast majority of e-mail-borne malicious code before it infests your network. These filters should screen out all executable attachments coming from the Internet. Keep in mind that executable code can come packed in a variety of forms beyond the familiar .exe, .scr and .pif files. In addition to those three, your filter should also drop files with these extensions: .bat, .com, .dll, .drv, .hta, .js, .ocx, .shs, .sys, .vbe, .vbs, .vxd, .wsf and .wsh.
Finally, educate your users about safe computing practices. Today's spammers spread malicious code by preying on the ignorance of our users or employing subtle trickery to get them to run an attachment. Recent specimens spread malicious code by spoofing source e-mail addresses from your own e-mail team, Internet administrators and even various CEOs. Many users were duped by such schemes and ran the attachment from these apparently trustworthy sources. Warn your users never to click on an executable attachment, even if it appears to come from someone they know.
Thwarting the vicious malware and spam cycle requires thorough effort by all of us in the security community. By applying these tips, your organization can do its part to chip away at the avalanche of these nasty attacks, making the Internet a far safer place.
About the author
Ed Skoudis is a security consultant with International Network Services, and the author of the books Malware: Fighting Malicious Code and Counter Hack: A Step-by-Step Guide to Computer Attacks and Effective Defenses.