The sheer volume of unwanted email is increasing rapidly and
security pros say it's arriving from unexpected sources, hiding in
new ways to evade detection, and causing more serious consequences
than ever before.
"Our users have noticed a difference in the amount of spam – and
they've been complaining," said James Brady, senior email
administrator at Los Angeles-based Cedars-Sinai Medical Center.
Cedars-Sinai is among the enterprises trying to stop spam before
it reaches the network.
"You can ask users to tag spam, but usually they are too busy or
inexperienced to do that," Brady said. "We routinely get 5 GB of
spam each day ... The more we can avoid dealing with that, the
better."
Between May and the end of 2006, the absolute volume of spam
increased by about 100%, said Michael Osterman, president of Black
Diamond, Wash.-based Osterman Research. In fact, some estimates
suggest that up to 85% of all email is spam.
"Today, viruses recruit innocent machines into zombie botnets
that wake up occasionally to send spam, then hibernate again before
they can be shut down," said Eric Ogren, a security analyst at
Milford, Mass.-based Enterprise Strategy Group. In addition, IM
spam – sending bogus messages to instant messaging accounts – is
becoming more common, Ogren said.
The format of spam is also changing.
"Image-based spam contains a GIF file with little text, so it
doesn't trigger some filters," said Osterman. This new spam can be
twice the size of regular emails. Plus, even if filters can
recognize graphics content, spammers can alter the image slightly –
by cutting it into pieces or adding tiny variations – to elude
detection.
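Why tiny variations defeat a filter that matches images by exact fingerprint, and how a perceptual (average) hash compared by Hamming distance tolerates them. This is an added illustration, not code from the article or from any vendor quoted in it. The pixel data, function names and distance threshold are constructed assumptions, and only the "tiny variations" case is covered, not image slicing.

```python
import hashlib
import random

def make_image(seed=7, size=32):
    """Constructed sample: a grayscale 'image' as rows of 0-255 ints."""
    rng = random.Random(seed)
    # Bright blocks on a slightly noisy dark background, standing in for ad text.
    return [[220 if ((x // 4) + (y // 8)) % 2 else 40 + rng.randrange(10)
             for x in range(size)] for y in range(size)]

def add_tiny_variations(img, count=25, seed=1):
    """Nudge a few pixels by +/-6, invisible to a reader but not to a byte hash."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for _ in range(count):
        y, x = rng.randrange(len(out)), rng.randrange(len(out[0]))
        out[y][x] = max(0, min(255, out[y][x] + rng.choice((-6, 6))))
    return out

def exact_hash(img):
    """Byte-exact fingerprint: any single changed pixel yields a new digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, grid=8):
    """64-bit perceptual hash: block means thresholded at the overall mean."""
    step = len(img) // grid
    cells = []
    for gy in range(grid):
        for gx in range(grid):
            block = [img[y][x] for y in range(gy * step, (gy + 1) * step)
                     for x in range(gx * step, (gx + 1) * step)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (c > mean)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def is_known_spam_image(img, known_hashes, max_distance=5):
    """Match when the perceptual hash is within max_distance bits of a known one."""
    h = average_hash(img)
    return any(hamming(h, k) <= max_distance for k in known_hashes)
```

The threshold trades missed variants against false matches on legitimate images, so it needs tuning against real mail rather than the value assumed here.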
Spammers aren't satisfied with distributing Nigerian scam
letters or soliciting Viagra customers anymore.
"Identity theft, phishing, and stock scams are among the goals
of the latest spam attacks," said Ross Fubini, senior director of
engineering at Symantec.
Dealing with current spam threats requires new strategies,
Fubini said.
"Our algorithms decide whether certain sources have a 'bad
reputation,' which we communicate to our customers," Fubini said.
Customers can then block spam from these sources. Enterprises must
also monitor sources that target them specifically; such scrutiny
benefits the enterprise directly, he said.
"Blocking spam on the periphery is ideal," Fubini said.
Otherwise, enterprise systems waste storage space, processing
cycles, and archiving capacity just to handle spam – all of which
cost money, he said.
Enterprises must also evolve strategies for dealing with IM
spam, called spim, Fubini said. This is especially true for
enterprises that use IM for official purposes, but the widespread
use of non-business IM by employees makes it necessary for all
enterprises, he said.
Security software must span all major IM providers on the
enterprise level, yet remain transparent to the user, he said.
An ongoing trend is to unify multiple forms of protection in a
single product. For example, security software to reduce email spam
might include features to block IM spam.
The irony of the spam problem is that – if everything works
right – users never notice anything, and may actually wonder what
the care and expense to block spam is all about.
"It's just like: you may wonder what you pay police for, until
your house is robbed," Fubini said.