April 27, 2007

FEATURE EDITORIAL

Innovative Tactics Using PowerPoint and Newsletters

The fast and sophisticated innovation of malware creators continues to thwart anti-spam and anti-virus solutions. Last week MessageLabs, a provider of integrated messaging and web security services to businesses worldwide, revealed new data on the levels, victims and sources of targeted email attacks in March 2007. Last month the company intercepted 716 emails in 249 separate targeted attacks aimed at 216 different organizations. Of these, almost 200 were one-on-one targeted attacks where the tailored attack comprised a single email designed to infiltrate one organization. These numbers represent a significant increase when compared to the same period last year when attack rates reached one or two per day.

MessageLabs also reported that for the first time, PowerPoint has emerged as the most common exploit vector, likely driven by the large number of attacks perpetrated by one gang using the same attack file, mostly originating from an IP address within Taiwan. Achieving notoriety as a carrier of typical email viruses, .exe files only accounted for 15 percent of the targeted attacks, while the more familiar Microsoft Office suite accounted for 84 percent of targeted attacks in March 2007. Other characteristics of these attacks include that they are typically timed to arrive during the busy workday and rarely over a weekend and most commonly target these five industry sectors: electronics, aviation, public sector, retail and communications.

"The bad guys know which organizations have data worth stealing and are picking them out one by one," said MessageLabs’ Senior Anti-Virus Technologist Alex Shipp. "These targeted attacks are highly difficult to detect as the large majority consist of a single email to one individual, which means they never have anti-virus signatures created by traditional anti-virus software. However, if you happen to be that one company targeted the impact could be devastating."

---

Is Your Email Compliant?

Join our Live Webinar!
Wednesday, May 9, 2007
1:00 PM EST

Compliance is one of the multiple modules available in Infocrossing’s iConnection offering, which integrates all facets of messaging management-filtering, reporting, secure messaging, archiving, compliance and electronic discovery-into a single system managed by policy. Join us to learn how Infocrossing can help your company with Compliance.

---

Spam Hijacks Newsletters

Commtouch Software Ltd., a developer and provider of proprietary anti-spam, Zero-Hour virus protection and reputation service solutions, last week released its Spam Trends Report for the first quarter of 2007. The report notes that spammers unveiled a new email tactic in the first months of the new year - hijacked newsletter spam. This type of spam aims to evade anti-spam filters by disguising itself as a legitimate form of mass distributed message - email newsletters. Spammers essentially commandeer a popular email newsletter and insert their spam image at the beginning of the message. This trick gets the malevolent message past many anti-spam solutions by cloaking itself as legitimate email newsletter. URL blockers, Bayesian filters, and image-analysis technologies have been blindsided by this technique of hiding spam within a real email newsletter.

"Hijacked newsletter spam is yet another technique developed to evade traditional anti-spam solutions," points out Commtouch President and CTO Amir Lev. "Fighting spam on a trick-per-trick basis is futile. The spammer innovation cycle is so fast and sophisticated, that as soon as traditional anti-spam solutions come up with a way to block the latest trick, the spammers have already thought of something new." More details, including samples of hijacked newsletter spam, are available in Commtouch’s Q1 2007 Spam Trends, available from Commtouch Labs.

Innovation Continues

In its Intelligence Report for April 2007, MessageLabs exposes a new level in the convergence between spam and viruses. MessageLabs reports that in what could be one of the most defining moments within the threat landscape, the company has intercepted emails that are both spam and contain a virus. While the cyber-criminals have long used email viruses to create botnets to send spam, this is the first time MessageLabs has seen viruses hidden within stock scam spam. Since April 14, MessageLabs has stopped thousands of these emails as part the latest phase in Storm Worm activity.

Late this month, the latest strains of Zhelatin also known as Storm Worm were being spammed out in stock pump-and-dump emails, which also contained links to new malware being hosted on websites under the control of the attackers. Purporting to be a screensaver, the malware then drops the Zhelatin MeSpam engine onto the compromised computer. Until now, new versions of Zhelatin have been distributed via botnets to create larger botnets for the purposes of spamming.

"Why use two emails when just one will do? Now we are seeing the bad guys layer on the threats - as if it’s not enough to just scam someone and fill their inbox with junk email, why not also infect and take control of their computer at the same time? These latest techniques are part of a new boldness being shown by certain criminal gangs we are tracking," says Mark Sunner, chief security analyst for MessageLabs. "These latest developments also serve to highlight that spam cannot be perceived as just a nuisance and it should be kept away from the desktop. Protection at the Internet level avoids any errors by end-users which could have detrimental impact on a business."

Click here for the full April 2007 MessageLabs Intelligence Report

Language Translations

IncrediMail Ltd., a software company specializing in Internet consumer products and services, announced last week it launched a translation and dictionary service, integrated with its flagship product, IncrediMail.

Through its previously announced collaboration with Babylon, a leading provider of single-click translation and information access solutions, IncrediMail users are now able to instantly get language translations, definitions and encyclopedic details for any word or phrase in an email with the click of a mouse.

"Babylon is a useful resource that helps users communicate more effectively, whether composing or reading an email, and it’s also a fantastic research tool," says IncrediMail’s CEO, Yaron Adler. The Babylon service is included in the latest versions of IncrediMail XE and IncrediMail Premium, which can be downloaded at www.incredimail.com. Current IncrediMail users can simply upgrade their version of IncrediMail to access to the service without incurring any additional costs.

Users can elect to purchase Babylon 6, the full version of Babylon, which enables language translation and dictionary services on any desktop application outside IncrediMail. The companies share the revenues from these sales.

IN THE NEWS

Net Neutrality Sees 1st Anniversary

The furor over a net neutrality happened about this time last year (See the July/August Messaging News article The Internet’s Future: Freeway or Toll Road? The Implications of Net Neutrality). At the time, both net neutrality supporters and opponents made emotional pitches, stating that they represented consumers’ best interest and were fighting to preserve consumer rights.

The Competitive Enterprise Institute sent a release this week reaffirming its opposition to such rules and reiterates its support of a competitive infrastructure marketplace stating: "Lessons from what critics disparage as ‘access tiering’ will allow us to better deal with spam, cyber-security, privacy, and piracy—all of which stem from inadequate ability to authenticate users and price online network usage. We need, not neutrality, but a plethora of overlapping wired and wireless communications networks. The result should be a better, cheaper and more robust version of the openness that today’s advocates of net neutrality seek." The SavetheInternet.com Coalition also sent a release this week stating its intention to ramp up its campaign to reinstate net neutrality. Looks like the fight over net neutrality continues today.

We welcome your ideas and your news for Messaging Newswire’s News & Trends in Email Security. Let us know what you think by sending your comments to editorial@messagingnews.com. Written or compiled by Stephanie Jordan. All trademarks are the property of their respective owners.

For marketing information on this newsletter or other Messaging News products contact jvictor@messagingnews.com