Johannesburg, 30 November 2006
Spam surges as “patchwork” images increase
Free 30-day Enterprise anti-spam trial!
This past month has seen one of the biggest
increases in the occurrence of spam, both locally
and elsewhere in the world as image-based spam
messages suddenly escalated at an alarming rate.
Local security solutions provider Camsoft has
reported that image spam,
as well as zombie-generated spam (where spammers
take remote control of home PCs), hit a peak of 4.5
million attack patterns in one day and that image-based
spam currently accounts for up to 50% of all spam
messages during its distribution peaks.
Images in messages are used as a tactic by spammers to
elude traditional spam-filtering software that
analyses messages for keywords. By embedding
marketing messages in .gif or .jpg images (and more
recently the PNG format) instead of plain text, the
spammers are managing to elude these filters. Even
OCR (Optical Character Recognition)-based spam
filters are being duped by the latest techniques
employed by spammers, whereby the image is
constructed from a patchwork of different coloured
shapes and the text is distorted until it is only just
legible, so that it cannot be read electronically. A
typical example of patchwork spam is shown below.

[Figure: Example of patchwork image spam]
While not new, image-based spam is being used by
more spammers as organisations have started to
deploy more advanced anti-spam defenses in an
attempt to reduce the amount of spam being received.
Most current image-based spam messages market
stocks and shares, but pharmaceuticals
and sex enhancers are still very prevalent. Although
pornography, once the most common subject of spam,
appears to be waning, it is in fact also on the
increase; it only seems that there are fewer of
these messages because more of them are being
stopped by anti-spam filters. A
disturbing trend, though, has been the more hard-core
nature and graphic language of the pornographic spam
that is managing to get through the filters.
Animated image-based spam is also beginning to be
distributed on a massive scale for the first time.
These animated images are typically comprised of
three to seven individual frames that play in
repetition, similar to a movie. The main message is
in a single frame that appears for the longest time
- around 25 seconds - and the other frames contain
either subliminal messages (e.g. "buy ... buy ...
buy ...") or random pixels to attempt to fool
anti-spam technologies.
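
One way a filter could test for the animated layout described above without relying on OCR, as an added example that is not Camsoft's or Commtouch's code: read each frame's display time from the GIF and flag files with three to seven frames in which one frame holds most of the loop. The function names, the 80% share threshold and the sample GIF are assumptions constructed for illustration.

```python
import struct

def _skip_sub_blocks(data, pos):
    """Step over length-prefixed sub-blocks; return the offset after the 0 terminator."""
    while data[pos]:
        pos += data[pos] + 1
    return pos + 1

def gif_frame_delays(data):
    """Return each frame's display time in milliseconds, without decoding pixels."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13                                  # header (6) + logical screen descriptor (7)
        if data[10] & 0x80:                       # global colour table present
            pos += 3 * (2 << (data[10] & 7))
        delays, pending = [], 0
        while data[pos] != 0x3B:                  # 0x3B marks the end of the file
            if data[pos] == 0x21:                 # extension block
                if data[pos + 1] == 0xF9:         # Graphic Control Extension: delay in 1/100 s
                    pending = struct.unpack_from("<H", data, pos + 4)[0]
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:               # image descriptor: one frame
                flags = data[pos + 9]
                pos += 10
                if flags & 0x80:                  # local colour table present
                    pos += 3 * (2 << (flags & 7))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips the LZW code-size byte
                delays.append(pending * 10)
                pending = 0
            else:
                raise ValueError("unexpected block type")
        return delays
    except (IndexError, struct.error):            # hostile or damaged attachment
        raise ValueError("truncated GIF") from None

def looks_like_animated_spam(delays_ms, dominant_share=0.8):
    """Heuristic (threshold is an assumption): 3-7 frames, one holding most of the loop."""
    total = sum(delays_ms)
    return 3 <= len(delays_ms) <= 7 and total > 0 and max(delays_ms) / total >= dominant_share

def build_sample_gif(delays_cs):
    """Constructed test input: 1x1-pixel frames with the given delays in centiseconds."""
    out = b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0) + bytes(6)
    for d in delays_cs:
        out += b"\x21\xF9\x04" + struct.pack("<BHB", 0, d, 0) + b"\x00"
        out += b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00"
    return out + b"\x3B"
```

A timing check like this is only one signal and would sit alongside other filtering layers, since ordinary animations with a long final frame can match it too.
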
“When image-based spam sneaks through spam filters,
it becomes a problem on several levels”, comments
Camsoft’s Grant Chapman.
“Image-based spam is typically three times larger
than normal text-based spam and animated image-based
messages are usually about eight times larger.
Such messages create both storage and bandwidth
problems, driving
up the costs of managing a messaging system. Total
bandwidth consumption and redundant storage
necessitated by spam has in fact more than doubled
since the beginning of the year”, adds Chapman. On
the subject of recent claims that South Africa does
not have the same level of spam problems as other
countries, Chapman says that any local IT manager
can tell you that spam is currently at its worst
level ever, and comments that the rest of the world
pretty much can’t be getting any legitimate e-mails
if they are worse off than South Africa. And whilst
commending as laudable the efforts by local
organisations to curb spam by placing bounties on
spammers, Chapman contends that local spam is a drop
in the ocean compared to total spam received and that
stopping local spam will likely ameliorate the spam
problem by 5% at best. “Take a look at the real-time
spam statistics monitor
to get an idea of where most of the world’s spam is
originating and you will immediately start
recognising some of the spam arriving in your own
inbox, and what’s more you will be hard-pressed to
notice a spam attack originating from South Africa”,
advises Chapman.
“Local companies that are subject to international
regulatory compliance standards such as
Sarbanes-Oxley or the Data Protection Act must
archive all
their email messages. The image files in spam can
quickly take up storage capacity and the flood of
image-based spam can be a problem even at
organisations that aren't required to retain email
messages for regulatory compliance. Unfortunately,
by all accounts our own Electronic Communications
and Transactions (ECT) Act is poorly worded and
isn’t at all clear on where organisations stand
legally in being able to bring spammers to book or
whether spam messages should be retained”, continues
Chapman. “Companies that have to archive their email
for regulatory compliance though should choose a
vendor that blocks incoming spam outside their
firewall, whereas if the messages are stopped
outside the company, they don't have to be retained.
However, companies that don't have email retention
requirements might want to have a light layer of
filtering outside the firewall to stop the most
obvious spam, without running the risk of
accidentally blocking legitimate email. Then the
company can have a second and third level of
filtering at the server and desktop level”, adds
Chapman.
Commtouch's Anti-Spam Enterprise Solution, for
example, makes use of a real-time network-based
approach to combat spam, whereby Internet traffic
passing through various gateways is monitored and
message distribution patterns are analysed using RPD
(Recurrent Pattern Detection). Traditional
content filtering, in use
by many spam filters, is a computing-intensive
activity that can never stay on top of the spammers’
ever-changing tactics. RPD, however, is based on
analysing the distribution patterns of spam messages
that are sent en masse, and has a higher accuracy
rate than other solutions.
Zombie networks or 'botnets' (a network of computers
subjected to remote control) have also grown in size and
severity throughout the quarter. Commtouch research
identified hundreds of thousands of newly activated zombie
machines each day throughout the third quarter. Zombies are
typically comprised of home computers with a broadband
connection to the Internet, and if the same message is being
sent by lots of individual computer users then it's an
indication of a botnet spam attack. Commtouch research found
that on average, 85 percent of spam messages sent during the
third quarter of 2006 were sent via zombie-infected
computers without the knowledge of the owners.
"Zombie networks are impossible to block out by
traditional 'blacklisting' since they are constantly
changing," comments Amir Lev, CTO of Commtouch. "They are
like the fireflies of the spam universe - the zombie is born
when the computer gets infected by rogue software, but it
only remains active for a short time from the same IP
address. Only a real-time detection engine can provide
effective protection against zombie-generated spam
messages."

Camsoft is currently providing a 30-day free trial of
Commtouch’s Anti-Spam Enterprise Solution and
interested parties can either download the software
(94MB) or have it delivered on a CD by courier at no
charge. Please click here
to receive the download link or have a CD
delivered free of charge to you.
About Camsoft
Camsoft Solutions comprises two divisions:
Data Security and CRM.
Our Data Security division provides security
solutions and services to IT business partners
serving a wide range of customers throughout Africa
and our expertise and capabilities include solutions
for anti-virus, anti-spam, spyware, authentication,
secure access and firewalls. Our technology partners
include Commtouch for Advanced Spam Defense, Aladdin
for eSafe secure Internet access and etokens,
F-Secure and BitDefender for anti-virus and personal
firewalls and spyware, Microsoft for Forefront
(formerly Sybari Antigen) anti-virus and Advanced
Spam Manager (ASM) for MS Exchange and SMTP servers,
and IQBate's for the Meridius and Adonis content
security appliances. Our network auditing solution,
NetWhyz, is one of the most powerful reporting tools
available for any size of network providing
administrators with every piece of information they
wish to know about their machines, how they are
performing and their configuration.
Our CRM division is
a Maximizer Diamond Business Partner and Accpac CRM
Business Partner and has actively been involved in
the sales, support and training on CRM solutions in
southern Africa since 1995. With full service
offices in Johannesburg and Cape Town and a
technical office in Durban, Camsoft provides a wide
range of technical support services, training and
development solutions for all our technology
partners’ products and solutions countrywide.
Customers using solutions and services provided
through Camsoft’s reseller network include ISPs,
banks, insurers, manufacturers, retailers,
recruitment agencies and call centres, among others.
About Commtouch
Commtouch® Software Ltd.
(NASDAQ: CTCH) was founded in 1991, and is dedicated
to protecting the integrity of the world's most
widespread form of communication, e-mail. With over
fifteen years of expertise in the development of
email software, Commtouch provides spam and
Zero-Hour™ virus outbreak protection for over 50
million users around the globe. Commtouch
technologies have been licensed by over 50 partners,
including security and anti-virus vendors, managed
service providers and messaging security providers.
Based on RPD™ (Recurrent Pattern Detection)
and other proprietary technologies, the Commtouch
Detection Center analyzes the distribution patterns
of billions of email messages per month. Based on
these patterns, Commtouch identifies new malware
outbreaks as soon as they are introduced into the
Internet. The result is that users are protected
from emerging malware in real-time, all the time.
For example, viruses are detected and blocked within
minutes, hours before signatures are released.
Commtouch's industry-leading enterprise products
have been implemented by thousands of enterprises,
with corporate networks of up to 80,000 seats. The
company's anti-spam engine is the industry's leading
OEM offering of its kind, and Commtouch also offers
a unique OEM solution for
email virus outbreak detection.
Recurrent Pattern Detection (RPD™)
has been recognised by independent research groups
and industry analysts as a ground-breaking messaging
security strategy. What makes RPD unique is that, by
proactively probing the Internet and analysing the
distribution patterns of billions of messages each
month, it instantly identifies emerging malware
attacks. This makes it possible to block new
outbreaks in real time, be they viruses, spam,
phishing, fraud or any other type of malware. Other
benefits of the Commtouch approach are that it is
immune to emerging foiling attempts, and is language
and format agnostic. As long as a message is part of
a mass distribution outbreak, the Commtouch
email security engine
can detect and block it.
Security vendors that have recently announced
strategic alliances with Commtouch for their
real-time virus and spam protection technology
include F-Secure Corporation and Alt-N Technologies
for their MDaemon® messaging servers. In tests of
10 leading Internet Security suites examined by the
publication PC Professionell, Commtouch partner
G-Data was selected as Editor's Choice for its
anti-spam capability. The contenders included
McAfee, Trend Micro, Symantec, and Computer
Associates.
Recurrent Pattern Detection, RPD and Zero-Hour are
trademarks, and Commtouch is a registered trademark,
of Commtouch Software Ltd. U.S. Patent No. 6,330,590
is owned by Commtouch.