Cyberoam Release Q3 2008 Report on E-Mail Threats
Cyberoam, a unit of Elitecore Technologies and the developer of identity-based UTM (Unified Threat Management) solutions, has issued its Q3 2008 e-mail threat trend report. According to it, as filtering tactics keep improving, spammers are constantly finding new methods to send their e-mails from legitimate domains and e-mail servers instead of sending them from a familiar spam IP address or a bot server that is infected and under their control.
According to the report, spammers are stealing credentials from lawful e-mail senders, including enrollment processes of e-mail accounts. They then auto-register several thousand e-mail accounts free of cost primarily by violating the CAPTCHA security system, which is designed to remove bulk automated registrations.
The report further said that spam containing doomsday announcements, frightening videos, love mails, celebration days and celebrities constituted massive combination attacks, taking advantage of users' curiosity and psychology.
Cyberoam's new security report further stated that spammers exploit users' desires to protect themselves from Web-based threats. For instance, an e-mail from the email@example.com address was crafted to appear like an update notification for the popular IE7 Web browser with a disclaimer from Microsoft site. However, any user who followed the link was struck with a disgusting executable file.
Security investigators and analysts stated that while there is a continuous improvement in reputable solutions to block zombies and given the fact that more than 55% of bots or zombies have longevity of only 24 hours, there is an urgent need to continuously update the solutions to retain accuracy.
The report reveals that China and Germany showed the most rapid turnover in zombie IP addresses at 78% and 79% respectively. While Verizon and Telecom Italia retained their positions among the top seven zombie domains, Airtel Broadband and Ukrtel were the fresh entries and Brasil Telecom was down beneath the top 10.
Meanwhile, commenting on the nature of malicious attacks, VP-Product Management, Abhilash Sonwane, said that in view of blend nature of attacks, unified security solutions that include anti-malware, content filtering and anti-virus provide 2nd-3rd layers of safeguard by preventing malware downloads and by stopping users' access to malicious sites, as reported by Cyberoam on October 23, 2008.
» SPAMfighter News - 06-11-2008