Security Bytes: The hidden language of spammers

In other industry news, Altiris buys Pedestal Software, Symantec expands its e-mail security line, Trillian IM users at risk and banks held to more rigorous data theft disclosure standards.

The words spammers most want to hide
"Cialis" is the word spammers most often try to disguise when sending out unsolicited messages. Lynnfield, Mass.-based antivirus firm Sophos reached that conclusion after analyzing the list of words spammers most often mask to keep their messages from getting sucked into antispam filters.

"Spammers have a dilemma," Graham Cluley, senior technology consultant for Sophos, said in a statement. "They want to sell certain products or include certain phrases in their spam e-mails, but they also know that many people will have filters looking for those words and automatically junking them. For this reason they use obfuscation to try and disguise the words from the antispam software."

Sophos researchers found that up to 80% of spam tries to mask certain words and slip past antispam software at the e-mail gateway. "These tricks can be as simple as deliberately misspelling a word or using a zero instead of the letter 'o' to much more sophisticated techniques that exploit the power of HTML e-mail," the firm said.

Sophos analyzed a list of words, ranked by how frequently they are used in spam e-mails, to determine which are most commonly disguised. The lab estimates that more than 30% of spam it received contained URLs related to healthcare advertisements such as drug offers. More than 20% of URLs had offensive text messages.

"The list of words most commonly hidden by the spammers from antispam software reveals that most spam is about the old favorites: drugs, money and sex," Cluley said. Cialis, for example, is a prescription drug used to treat erectile dysfunction.

Here are the top 10 words most commonly masked in spam e-mails:

  1. cialis
  2. orgasms
  3. viagra
  4. shipping
  5. milf
  6. valium
  7. pharmacy
  8. xanax
  9. increase
  10. vicodin
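
An added example, not from Sophos or this article: gateway-side normalization that undoes the disguises described above (look-alike characters, separators and HTML markup inside a word) before matching against part of the top-10 list. The look-alike map, the HTML handling, the sample bodies and all function names are assumptions made for illustration.

```python
import html
import re
import unicodedata

# Subset of the top-10 list above; every other name here is this example's own.
WATCHLIST = {"cialis", "viagra", "valium", "pharmacy", "xanax", "vicodin"}
# Assumed look-alike map; the article itself names only zero-for-'o'.
LOOKALIKES = str.maketrans("01!|34@5$", "oiiieaass")
# Assumed HTML trick: comments or empty tags placed inside a word.
TAGS = re.compile(r"<!--.*?-->|<[^>]+>", re.S)

def visible_text(body):
    """Strip comments/tags first, then decode entities: what a reader sees."""
    return html.unescape(TAGS.sub("", body))

def fold(token):
    """Reduce one whitespace-delimited token to bare lowercase letters."""
    t = unicodedata.normalize("NFKD", token)
    t = "".join(c for c in t if not unicodedata.combining(c))
    t = t.lower().strip(".,;:!?\"'()").translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", t)

def masked_words(body):
    """Map each watch-list word found to True if a raw keyword scan misses it."""
    raw = body.lower()
    tokens = visible_text(body).split()
    found, i = {}, 0
    while i < len(tokens):
        # Rejoin letter-spaced words such as "v i a g r a" before folding.
        j = i
        while j < len(tokens) and len(fold(tokens[j])) == 1:
            j += 1
        j = max(j, i + 1)
        word = fold("".join(tokens[i:j]))
        i = j
        # Whole-token match only: "special issue" must not yield "cialis".
        if word in WATCHLIST:
            found[word] = re.search(rf"\b{word}\b", raw) is None
    return found

# Constructed sample bodies, not taken from real spam.
SAMPLES = [
    "Cheap V1AGRA and c-i-a-l-i-s here!",
    "Best Xa<!-- q -->n<b></b>ax and v&#105;codin prices",
    "Read our special issue on online pharmacy regulation.",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(masked_words(s))
```

Tags are removed without inserting a space so that a word split by inline markup rejoins; a production filter would treat block-level tags as word breaks.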

Altiris buys Pedestal Software for $65 million
The trend to wed systems management and security has spurred the acquisition of privately held security management vendor Pedestal Software Inc. by Altiris Inc. for $65 million. Newton, Mass.-based Pedestal Software makes audit and compliance software for Windows, Unix and Linux platforms. Altiris, of Lindon, Utah, makes lifecycle management software that helps companies track their desktop and server assets, among other things.

Many systems management vendors, such as NetIQ Corp. in San Jose, Calif., and BindView Corp. in Houston, Texas, are developing products to help companies manage and monitor systems to ensure compliance with a gamut of regulations -- or to fix systems that are not in compliance, said Charles Kolodgy, an analyst at International Data Corp., a Framingham, Mass., market research firm. The ability to combine features that fix out-of-compliance software with change management features is important to customers, he added. "Altiris is probably getting pressure from systems management vendors who have strong security components. Most of the products in this space are not integrated; rather, they complement each other. It's the task of the vendor to make the convergence of systems management and security seamless."

Altiris executives said the company will immediately begin integrating Pedestal's products into its partner and distribution channels, and then scale the business in the second half of the year.

Symantec adds e-mail security muscle
Symantec said it has added real muscle to e-mail security with its new Hosted Mail Security product. The Cupertino, Calif.-based antivirus giant said its goal is to reduce the burden IT shops face over increasing costs and the difficulty of maintaining on-site defenses.

"Symantec Hosted Mail Security provides comprehensive protection against spam, viruses and other unwanted content for inbound and outbound Internet e-mail traffic," the company said in a statement. "Symantec Hosted Mail Security is the third essential form factor that completes Symantec's Mail Security offering and gives customers a broad set of robust deployment options including server-software, pre-configured appliances and now a hosted solution to help address their email security needs."

Security hole found in Trillian instant messaging client
Pittsburgh-based LogicLibrary last week reported a vulnerability in the Trillian instant messaging client adopted by more than 1 million Windows users. The buffer iteration overflow could allow a malicious hacker to gain control of the computer's operating system. It also could cause systems to continually crash. LogicLibrary's BugScan application security analysis tool found the flaw in Trillian's handling of HTTP 1.1 response headers in some plug-in components, according to a statement issued by LogicLibrary. The vulnerability originally appeared in Trillian 2.0, produced by Cerulean Studios, and was thought to be fixed in version 3.0. However, the problem apparently exists in the current 3.1 version, according to LogicLibrary. Trillian allows users to be on several instant message and chat networks simultaneously, including AOL Instant Messenger, Yahoo, MSN and RSS, through an extensible plug-in system that connects to an external Web server at various points. The Yahoo IM component is the one said to still include the buffer iteration problems.

Financial institutions must inform customers of data thefts
New federal regulations approved last week will require banks and some other financial institutions to tell their customers if their private data is at risk due to hackers or identity thieves. But lobbyists were able to dilute the disclosure requirement to only breaches likely to result in misuse of the data. The new rules cover thousands of financial companies regulated by the Federal Deposit Insurance Corp., Federal Reserve, Office of Thrift Supervision and Comptroller of the Currency. Affected companies also are now required by law to report any security breaches to their regulators and law enforcement agencies. The new rules follow some high-profile security lapses, including Bank of America's loss of unencrypted data tapes containing 1.2 million federal workers' credit card information.
