Spammers Hack Servers to Infect Legit E-Mail
Spammers are getting around improved filtering systems, according to Cyberoam, a division of Elitecore Technologies.
Instead of sending e-mail from a known spam IP address or infected bot server, spammers have found ways to do so from legitimate mail servers and domains, Cyberoam noted.
The unified threat management (UTM) solutions provider said that spammers steal legitimate e-mail senders' credentials and compromise e-mail account enrollment processes: they automatically register thousands of free e-mail accounts, mainly by using algorithms to break the CAPTCHAs meant to prevent mass automated registration.
In particular, malware hidden in legitimate sites is on the rise, Cyberoam said.
Perpetrators also play on user psychology and curiosity by sending spam content such as gruesome videos, doomsday announcements, celebration days, love mails and celebrities' information.
Sinister Attack Methods
According to Cyberoam, malicious content such as flash spam is often hosted on legitimate sites that have been hacked. Such content may also be hosted on popular public platforms like Blogspot or Flickr, taking advantage of security solutions' reluctance to generate false positives against well-known domains.
"Given the blended nature of attacks, unified security that includes anti-virus, anti-malware and content filtering solutions provides second and third layers of protection," said Abhilash Sonwane, Cyberoam's vice president of product management. "Such security prevents downloads of malware from websites and prevents users from accessing malware-laden sites inadvertently."
Sonwane said that a strong anti-spam solution at the gateway stops the spread of spamware through official e-mail addresses. "However, malware-linked spam can still slip in through personal e-mail accounts."
"Building user awareness and enforcing responsible surfing behavior in corporate networks prevents such threats significantly," Sonwane said.
Ironically, spammers have also played upon users' desire to defend themselves against web-based threats, Cyberoam noted.
For example, an e-mail like 'firstname.lastname@example.org' was designed to look like a notification update for the popular IE7 web browser, complete with a disclaimer from the Microsoft site. However, users who clicked on the link were hit with a nasty executable file.
According to Cyberoam, reputation-based solutions are continuously improving in their ability to block bots, although about 55 per cent of bots have a lifespan as short as one day. Cyberoam therefore noted that such solutions need to be updated continuously to maintain accuracy.
The UTM solutions provider says it uses Commtouch RPD™ technology to analyse large volumes of internet traffic in real time. Unlike traditional spam filters, the technology does not rely on e-mail content and is hence able to detect spam in any language and in every message format, Cyberoam said.
Cyberoam also claims to incorporate this technology within its identity-based UTM appliances.