August 16, 2007

FEATURE EDITORIAL

Defining Business Continuity

On the afternoon of July 24, equipment failure knocked out electricity in downtown San Francisco and the Peninsula. While the outage lasted a reported 45 minutes, the impact was far reaching, including many Web surfers who were unable to access heavy-hitter sites like Craigslist, Yelp and RedEnvelope. The incident raised many questions, along with the realization that it doesn't take as much as one would think to lose access to customers, partners and employees.

Attend AppCon 2007

AppCon 2007 is a "must attend" business continuity event for anyone responsible for assuring high availability and disaster recovery of business critical applications, processes, and data.

"The Internet has changed the face of corporate communications, crystallizing the need for assured, 24x7 operation of business-critical applications; bullet-proof protection of the data associated with those applications, and pain-free, guaranteed access to both in the event of a local outage or a longer term disaster scenario," says Kelly Harray, director of ApplicationContinuity.Org, an organization dedicated to business continuity.

What used to be termed disaster recovery is broadening to business continuity. While the word disaster suggests hurricanes and the like, research reveals that natural disasters are the least likely cause of email downtime. In a recent email availability survey commissioned by Illinois-based Neverfail, Osterman Research found that hardware failure ranked as the number one cause of downtime (61 percent). Number two was network failure (59 percent), and tied for third place were power failure (45 percent) and application failure (44 percent). In 2006, a Neverfail-commissioned survey by Open Sky Research also found that hardware and network failure were cited as the top two reasons for IT failure.

Harray believes that companies must develop a plan to protect key business processes and ensure business continuity. "In an attempt to aid this crucial planning process, conferences populated by all manner of high technology product and service vendors have blossomed. However, these conferences and seminars have historically addressed only a subset of the components required to meet the business continuity challenge. Typically the storage, data protection and preservation, as well as the data archiving and compliance aspects of business continuity are explored, while ignoring the obvious and critical application continuity element," says Harray.

ApplicationContinuity.org is offering a conference to focus on just that. Coming September 13-14 to San Jose, California, AppCon 2007 will be the organization's inaugural event. "During the two day event, AppCon 2007 will focus on preventing outages and promoting continuous application availability through providing information, ideas, and opinions on application survivability and reliability, with a primary focus on messaging, telecommunications, and network continuity," explains Harray. Topic examples include:

"The collaborative format of the conference will allow attendees to discuss and address their specific corporate planning requirements for continuity and survivability in the face of IT infrastructure failures and disasters," states Harray. As a co-sponsor of the event, Messaging News encourages those responsible for business continuity to register today.

Spam Levels Surge

On Wednesday and Thursday of last week anti-spam experts sounded the alert about a huge spam campaign. Postini, a provider of on-demand communications security and compliance solutions for email, instant messaging and the Web, described it as one of the biggest pump-and-dump spam scams in history. The company reported that the volume of spam on August 9 was up on average 53 percent in a single day (vs. the day before the attack) with peak loads as much as 175 percent higher than normal.

Experts at SophosLabs, Sophos' global network of virus, spyware and spam analysis centers, warned that the spam campaign was designed to manipulate the share price of a company selling wireless products to young people. In its August 8 report, Sophos noted that the spam messages included an attached PDF file urging recipients to buy shares in a company called Prime Time Group, Inc. Potential investors were not made aware that the spammers had already purchased stock at a cheap price and were trying to artificially inflate its price by encouraging others to purchase more. Sophos noted that the spammers sell off their stock at a profit, which could cause the price to plummet.

"The scale of this stock pump-and-dump spam campaign is like nothing we've seen before, and it looks like it is working for the cybercriminals behind it," noted Graham Cluley, senior technology consultant for Sophos. "The share price in this company has rocketed as a result of bogus news being blasted to Internet users worldwide. In an attempt to get past anti-spam products criminals are now regularly using PDF files to carry their slick enticements for potential investors. Although a solid anti-spam defense can protect against this menace, there are plenty of people who still haven't defended their email gateways and are being fooled into making an unwise investment."

Sophos reports that the email messages were sent from compromised home PCs, turned into zombies by hackers. Postini believes the spammers sold the Prime Time Group stock they had previously purchased, making perhaps thousands of dollars in just a day or two.

PDF Attachments and Spam

In its July 2007 Intelligence Report, MessageLabs, a provider of integrated messaging and web security services to businesses worldwide, described how spam sent as PDF attachments was being adopted by more professional spammers, who are modifying the PDF files to bypass detection. It noted that in some of the most recent examples, PDF documents were created programmatically with document protection settings enabled – features that make spam more likely to bypass detection by typical anti-spam scanners. MessageLabs also said the PDFs still contained "Bayes Poison," which are long lists of randomly selected words that are unlikely to appear in a normal spam message, as an added cover to evade detection.

The July report said PDF spammers can be placed into two categories:

Simple/Amateur: Spammers who craft PDF documents using ordinary tools like Microsoft Word and use the same PDF for the entire spam run.

Professional: More sophisticated spammers who attach a different PDF to every spam. Each PDF is randomized and usually not text-based. Instead, these spammers insert randomized images into PDF documents, as well as use other tactics such as random page sizes.

"Though PDF files have traditionally been a trusted type of email attachment, we are beginning to see an increase in use for sinister activity," says Mark Sunner, chief security analyst for MessageLabs. "With a nearly 10 percent increase in malware this month, we believe this threat could become more malicious with the potential for spammers to embed malware in the PDFs, which would be automatically downloaded to the victim's computer." The full report is available online.

MESSAGING NEWS CASE STUDY BRIEF: Nemx Software and Magyar Bank

Nemx Software, providers of active email control solutions for Microsoft Exchange, recently announced availability of SecurExchange version 2.1. The new offering is designed to address email content control requirements of organizations with enterprise scale Exchange environments and subject to stringent internal and regulatory compliance rules. New Jersey-based Magyar Bank recently implemented SecurExchange Corporate Edition to monitor and protect all its email communications.

"We wanted a single solution that could monitor both our internal and our outbound email traffic. We looked at other alternatives, but only SecurExchange did both," says James Mazillo, VP of information systems for Magyar Bank. "We were also very impressed with the intelligence of the content analysis capabilities of SecurExchange. We are getting fantastic results with SecurExchange's concept scanning approach in terms of detection accuracy, much better than just key words. Nemx's tight integration with Active Directory and reusable, hierarchical policy model makes administration and policy management much simpler and less time consuming than the rules-based approach used by other products." SecurExchange 2.1 is available now.

We welcome your ideas and your news for Messaging Newswire's News & Trends in Email Security. Let us know what you think by sending your comments to editorial@messagingnews.com.

Written or compiled by Stephanie Jordan.

All trademarks are the property of their respective owners. For marketing information on this newsletter or other Messaging News products contact jvictor@messagingnews.com