Spammers Increase Directory Harvest Attacks
Attacks, which stole a company's entire 'e-mail directory' increased by 30 percent in August from those in July. According to Postini, a message management firm, such attacks gain pace towards the latter part of the year. Mr. Scott Petry, founder and chief technical officer at Postini said that malicious activity increased during the summer end and approaching winter. The increase in the attacks may be an indication that hackers' are starting early to collect legitimate e-mail addresses to launch virus attacks, phishing and spam.
In "Directory Harvest Attacks" (DHA), the spammer, through trial and error, sends a large number of SMTP messages to an e-mail server in order to determine which e-mail addresses are active on a particular domain. These attacks are "brute force" in nature by which spammers hack a complete e-mail directory. As hackers gain control, they strike with spam attacks on large business e-mail servers. In the process, the attacker uses a program to guess probable e-mail ids for a particular domain to which he sends messages.
Messages that bounce back are understood to be invalid but those, which do not, are considered active and the spammer adds them to his address list. A DHA attack on the server imitates a "denial of service" attack, which slows down legitimate e-mail delivery.
According to Mr. Andrew Lochart, Postini's director of product marketing, companies need to determine how much unsolicited e-mail is not spam but are DHA messages. In August, out of 88 percent of bad messages, 32 percent were 'directory harvest messages'. spam filters cannot detect these messages, as they cannot identify the content.
Countries, which had the largest number of 'directory harvest attacks', were Seoul, Tokyo, Beijing, Taipei, Mittelfranken in Germany, Sao Paulo, Herndon in Virginia and Calgary in Canada.
The issue of system security is gaining height. Thus, security firms are trying to encourage awareness among users about threats, such as the latest DHA attacks, which use other users' PCs to dispatch spam without the users' knowledge. Users are also advised to update anti-spam products and maintain a high block-rate to save their PCs from hijacks.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 03-10-2006