
Spam on the rise; spammers turn to new avenues 
16 July, 2008 By Chris Talbot

Spam is on the increase again, and Sophos' latest spam trends report shows that only one in 28 e-mails can be considered legitimate. The rest are like the Vikings in that classic Monty Python skit: Spam, spam, spam.
While there have been increases and decreases over the last couple of years, with spam rates rising and falling depending on the month or quarter, the second quarter of 2008 showed a definite increase in the level of spam. By June 2008, spam accounted for 96.5 per cent of all business e-mail -- up from 92.3 per cent for the first quarter of the year. For those keeping score, 27 out of every 28 e-mails are spam.
"It can vary a great deal, but it does look as though from our own stats, things have got a little bit worse. For business users, at least, only one in 28 e-mails can be considered legitimate," said Graham Cluley, senior technology consultant for Sophos. The rest are enticing workers to increase the size of their genitalia, selling drugs like Viagra or trying to trick them into providing sensitive information and passwords.
Thankfully, it's quite common to find businesses with some kind of anti-spam technology active in the workplace, so end-users often miss the bombardment of junk mail flowing towards their inboxes, he said. No anti-spam technology can be perfect, though, Cluley said.
While commercial spam originally started out as the Internet's version of snail mail junk, it has become more malicious in recent years. The process of being malicious has changed, though.
"Most of it doesn't contain malicious e-mail attachments. That, in fact, has gone down over the years," Cluley explained.
E-mail attachments were the most common way to spread viruses towards the end of the 1990s and the early 2000s, but e-mail campaigns now tend to contain links to malicious Web sites more often than malware itself, he said. The e-mails try to trick people into clicking on a link to a malicious Web site. Add in the all-too-common scams aimed at vulnerable people and spam continues to have success rates that keep such e-mail coming.
"Those things are done because they work. There are scammers who have made millions out of those schemes because they find one person out of the millions who falls for it," Cluley said.
Spammers have also got their victims helping spread their messages by hijacking innocents' computers and infecting them with malware that recruits them into botnets. Typically, the victims are home users that don't have up-to-date anti-virus, firewalls and security patches, Sophos stated. The company pointed out that the U.S. currently ranks as the top country for relaying spam across the globe, with 14.9 per cent of the world's spamming coming from within U.S. borders.
"Between April and June 2008, the computer users from the U.S. and Russia retained their shameful first and second places as the top relayers of spam," Cluley said. "Much more needs to be done to raise awareness about computer security. These computers are under the remote control of hackers, which means they can be used not only for sending a tidal wave of spam, but also potentially steal banking details and credit card information for the purposes of identity theft."
With old (read: e-mail) methods still having enough success to warrant the continued blasting of mass e-mails around the globe, spammers are also turning to other avenues to spread their messages. Social networking sites are one of the newest avenues for spam.
"It's tiny at the moment compared to e-mail spam, but we do see some of it. We see some spam being sent through the likes of MySpace, Facebook and LinkedIn," Cluley said.
Of particular interest with social networking site-based spam is that the recipient isn't the only person who will see it, Cluley noted. If spam is posted to someone's profile wall, everyone who visits that profile can read it, so it's been broadcast to a much larger user base, he said.
"Those things tend to linger," he said. Additionally, spam on social networking sites waltzes right by corporate anti-spam gateways, Cluley added.
Spammers are also turning to text spam by sending SMS messages to cell phones (a potentially expensive prospect for end-users who have to pay for incoming text messages). In that case, spammers generally exploit vulnerabilities on SMS Web gateways to send a lot of messages, Cluley explained.
"It can be hard for the phone companies to deal with that in a quick way," he said. He added that it's likely there will be more instances of these newer types of spam in the future.
Unfortunately, while anti-spam legislation has had some success in stopping spammers (and handing a few of them prison sentences), far too many spammers reside in countries without such legislation. They're more or less untouchable.
"So actually it is working and we are catching more of these guys. The problem is this is just the tip of the iceberg because there are such rewards to be [a spammer]," Cluley said.
Another growing spam phenomenon is what experts call "spear phishing." While regular phishing attacks include a broadcast message to thousands or millions of people, spear phishing is much more targeted. Spear phishers (phishermen?) send messages to about 10 or so people. They may all work at the same company and be new to their positions. The e-mail directs them to a link and asks them to go there and input their banking information so they can get on payroll (as an example). Such attacks are also harder for security vendors like Sophos to track, Cluley said.
"They do represent difficulties because they're not sent to a million people ... but to a small number. They take longer to appear on the radar," Cluley said.
Spear phishing is growing, and it can be quite successful, he said. While technology can help solve the problem to a point, education on IT processes and procedures is vital to corporate security, he said.
"Spear phishing properly conducted can be quite successful," Cluley said.
With various types of spam on the rise again, it's something that all businesses need to be aware of.
"Obviously every business now needs some kind of anti-spam filter and to keep it up to date," Cluley said.