E-mail Security Goes Beyond Sound Infrastructure

Manish Goel, the CEO of a leading IT security provider BoxSentry Pvt. Ltd, says that the e-mail environment has continuously evolved over the recent years and fresh challenges have entered the landscape. In particular spam e-mails consisting of trojans and worms, including key-loggers, which pose a greater risk than the conventional nuisance spam, have increased. redOrbit published the statement on June 19, 2008.

Mr. Goel added that e-mail is presently the single most widespread mode of spreading malicious content while spam constitutes over 80% of overall e-mail traffic. This figure is a tremendous increase because only two years ago, spam volumes made up for around 50% of total e-mail volume.

According to Goel and other security analysts, one problem typically affecting Asian countries is the 'false positives' in e-mail, where the spam filter fails to recognize a good e-mail, discarding it into the spam mailbox. anti-spam filtering is primarily done through checking for certain keywords. Therefore, the error rate goes higher if the e-mail contains mixed languages and not in proper English.

Security experts like Goel consider phishing the other significant security threat against SMEs (Small and Medium Enterprises) and larger firms. The Anti-Phishing Working Group (APWG) reported having stepped over 25,000 phishing websites in Dec 2007 alone. Also, 30% of the reported phishing websites are presently hosted in Asia.

According to the APWG, approximately 200 brands were targeted by phishing attacks through December 2007. Mr. Goel highlighted that mostly major banks and reputable consumer brands bear the brunt of phishing, with 90% phishing attempts being made at financial services. He, therefore, laid great emphasis on strong Internet security solutions for SMEs because their e-mail systems are quite vulnerable to cyber frauds.

Security analysts also maintained that with spammers using botnets for their exploits intensively as seen in recent cases involving MX Logic, phishers are also looking out for security loopholes in websites. This way, their phishing attacks would be more lethal and assume more of a hacker's approach by loading malicious codes like viruses, Trojans, and botnets.

Related article: E-Crime Reporting Format To Be Launched in July

» SPAMfighter News - 7/10/2008