You are in: Articles / Security / Antispam
 
 
Quick-List: Articles in Antispam

How to Reduce Malware-Induced Security Breaches

7 Scrooge-worthy scams for the holidays

AntiVirus and AntiSpam email scanning. The Axigen-Kaspersky solution

Report: 95 percent of all email is spam

Vulnerability management: The basics

Five tips for avoiding self-inflicted email security breaches

Malware reaches all time high

Security secrets the bad guys don't want you to know

The top 10 'most wanted' spam-spewing botnets

Securing 4G smartphones

3.7 billion phishing emails were sent in the last 12 months

Cloud security: The basics

What are the prospects for smartphone security threats?

Endpoint security: managing enterprise smartphone risk

Research: 1.3 million malicious ads viewed daily

Are you ready for these Internet security threats?

How to Integrate Data Loss Protection in Web 2.0 Security Strategies

Mac Users Do Not Spam, Linux Users Do

5 Best Practices for Enterprise Security

10 ways to make sure your data doesn't walk out the door

New cyber security threats

Tens of millions still opening junk e-mail

Top 6 Security Myths and How to Beat Them

What Are the Most Underrated Security Technologies?

Spam plague in February and more to come

Security tips for large and small businesses

America's 10 most wanted botnets

Spammers exploiting more news stories

5 ways to protect & hide your email to stop receiving spam

Defining and designing email security

Spam traps catch 95% of email sent

10 email scams to watch out for

Identity Confirmation - Challenge / Response anti-spam filtering with a twist

Introduction to Innovative Mail Filtering with AXIGEN

Making Sense Of E-Mail Threats

Expand Your Mail Server to Suit Your Needs

Spammers Find a Home on Microsoft Live

Spam Still On The Skids

Global Spam Falls by 70% as US Hosting Firm Shut Down

India is the Number One Spamming Nation in Asia

Eight crazy e-mail hoaxes millions have fallen for

Google Sees Massive Spam Spike

Email Threats Trend Report

Malicious Spam Traffic Triples in One Week

And Still the Spam Comes...

100 E-mail Bouncebacks? You' ve Been Backscattered.

How to Stop Spam Disguised as Business Email

Spam Hits an All-Time High

Gone Phishing

ISPs Need To Overhaul Spam Reporting System, Survey Reveals

Organizing IT Chaos through Email Authentication

How Spammers Identify Their Targets

Fighting Phishing Scams

Mail Server Blacklists and Spam

Europe's The New Spam Capital - Symantec Report

Are Botnets Beating Us in the War on Spam?

The Real Cost of Spam

Spam countermeasures and blocking mechanisms

Spammer tactics of circumventing filtering

Spam overview and spam types

Preventing spam bots from hijacking an enterprise network

Introduction to Antispam Practices

Eliminating the threat of spam email attacks

Articles in Antispam

How to Reduce Malware-Induced Security Breaches

(Steve Dispensa, eWeek) Malware has caused the industry to rethink its security best practices, introducing tools such as transaction verification to guard against real-time, man-in-the-middle attacks. Out-of-band authentication mechanisms are growing rapidly in popularity. While it is certain that malware will continue to evolve, Knowledge Center contributor Steve Dispensa offers four simple steps you can take to significantly reduce your malware-induced security breach exposure.

In a recent survey of IT professionals, over 32 percent felt that malware installed on PCs will pose the greatest external threat to IT security over the next 12 months. Over 16 percent indicated that malware on mobile devices presented the greatest threat. In total, malware running on PCs and mobile devices was ranked the top threat for 2010 by nearly 50 percent of respondents.

Fortunately, there are four concrete steps you can take to prevent malware threats in your organization:
  1. Step No. 1: Have a corporate anti-malware solution
  2. Step No. 2: Patch!
  3. Step No. 3: Deploy strong authentication
  4. Step No. 4: Use transaction verification
|
|
Rating: 12345
 

7 Scrooge-worthy scams for the holidays

(Joan Goodchild, NetworkWorld) All crooks want for Christmas is to steal your money and sensitive information. Security experts give tips on avoiding scams.

The 2-week mark before Christmas is when things start to ramp up out of control. Spammers and malware authors focus on when the attention is going to be there. And you don't need to be shopping online to get caught in one of their traps. Even checking out email or spending time on Facebook and Twitter has its risks for the unaware. Here are seven holiday humbugs to avoid:
1. "Free iPad giveaway!"
2. Fake gift cards
3. Stripped gift cards
4. "You're preapproved for this credit card!"
5. Bad e-cards
6. Bad links to holiday sales, job offers, etc.
7. Fake charities

Read more by following the "full article" link.
|
|
Rating: 12345
 

AntiVirus and AntiSpam email scanning. The Axigen-Kaspersky solution

The present document offers a comprehensive analysis of the ways to secure corporate email systems. It provides an expert opinion on the available approaches, architectures and deployment options for implementing security applications in the email infrastructure, while keeping a special focus on the benefits of using the integrated Axigen-Kaspersky solution.
|
|
Rating: 12345
 

Report: 95 percent of all email is spam

(Lance Whitney, CNet) Spam accounted for 95% of all email sent worldwide during the third quarter, according to a report released today.

Panda Security's third-quarter report also found that 50% of all spam came from 10 countries, with India, Brazil, and Russia as the top three sources. The U.S. came in No. 8, while the U.K. dropped off the list. Much of the spam that invades in-boxes comes from botnets that hijack computers whose owners don't realize their PCs have been infected, the report noted.

Trojans now are responsible for 55% of all malware threats, with many of them designed to steal information in order to access financial accounts. These types of threats have generally grown over the past two years, according to Panda, because their creators know they can get the greatest return on investment.

|
|
Rating: 12345
 

Vulnerability management: The basics

(Bill Brenner, NetworkWorld) The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.

To get anywhere with vulnerability management, Northcutt said there are five things to consider first:
1.Vulnerabilities are the gateways through which threats are manifested.
2.Vulnerability scans without remediation have little value.
3.A little scanning and remediation is better than a lot of scanning and less remediation.
4.Vulnerabilities in need of fixing must be prioritized based on which ones post the most immediate risk to the network.
5.Security practitioners need a process that will allow them to stay on the trail of vulnerabilities so the fixes can be more frequent and effective.

If a data breach happens and it's traced back to a flaw the company knew about but didn't fix, the consequences can be serious. "This could be factored into the punitive damages phase of a court case," Northcutt said.

Next, Northcutt said it's important to identify the primary threat vectors an organization must worry about. They are:
- Outsider attack from network
- Insider attack from network (VPN)
- Outsider attack from telephone
- Insider attack from local network
- Insider attack from local system
- Attack from malware

Read more by following the "full article" link.
|
|
Rating: 12345
 

Five tips for avoiding self-inflicted email security breaches

(Chad Perrin, TechRepublic) Email security is about a lot more than just using a good password on your POP or IMAP server. Perhaps the most important part of email security is ensuring you don’t shoot yourself in the foot.

These tips focus on the ways users break their own security rather than on protecting against the predations of malicious security crackers. Security can be violated through careless acts more easily than by outside forces.
1. Turn off automated addressing features
2. Use BCC when sending to multiple recipients
3. Save emails only in a safe place
4. Use private accounts for private emails
5. Double-check the recipient, every time — especially on mailing lists
|
|
Rating: 12345
 

Malware reaches all time high

(Tom Brewster, ITPro) Malware levels have reached new heights as the first six months of 2010 proved to be the most active for malicious file activity on record, McAfee has reported.

There were 10 million new pieces of malware logged in the first six months of this year, while 6 million were discovered in the second quarter alone.

Threats were most likely to emanate from portable storage devices like USBs, while fake anti-virus software was the second most popular choice among malicious file spreaders. Social media-specific malware was the third most common basis for attacks.
|
|
Rating: 12345
 

Security secrets the bad guys don't want you to know

(Robert McMillan, ComputerWorld) You know to keep your antivirus program and patches up to date, to be careful where you go on the Internet, and to exercise online street-smarts to resist being tricked into visiting a phishing site or downloading a Trojan horse. But when you've got the basics covered, but you still don't feel secure, what can you do?

Here are a few advanced security tips to help you thwart some of today's most common attacks:
1. Avoid scripting - This may be the one piece of advice that will do most to keep you the safe on the Web: steer clear of JavaScript, especially on sites you don't trust.
2. Back out of rogue antivirus offers - Rogue antivirus programs have emerged as one of the most annoying security problems of the past few years.
3. Sharpen your password game - People have to remember too many passwords on the Internet. Everyone knows this, but most of us get around the problem by using the same username and password over and over.Hackers know this as well, and they're happy to use it against you.

Read more by following the "full article" link.
|
|
Rating: 12345
 

The top 10 'most wanted' spam-spewing botnets

(Ellen Messmer, Network World) Spam continues to grow largely due to the growth in malicious botnets. Many botnets are command-and-control systems used by criminals and are still the main way that spam is spewed into your e-mail box. A recent report states that the worldwide spam volume has now climbed to 230 billion messages per day, up from 200 billion at the start of 2010.

M86 Security has created the "Top Ten Most Wanted" Spam-Spewing Botnets list, many of them are believed to be controlled in Eastern Europe by criminals who manipulate compromised systems, mostly PCs, around the world to generate spam:
1. Rustock (generating 43% of all spam)
2. Mega-D (10.2%)
3. Festi (8%)
4. Pushdo (6.3%)
5. Grum (6.3%)
6. Lethic (4.5%)
7. Bobax (4.3%)
8. Bagle (3.5%)
9. Maazben (2.0%)
10. Donbot (1.3%)

Read more by following the "full article" link.
|
|
Rating: 12345
 

Securing 4G smartphones

(Brad Reed, NetworkWorld) Like all good things, the increase in speed and power comes with greater risks: added data capacity, connection speeds makes 4G smartphones more vulnerable. This article describes what any smart IT department should know before allowing a 4G device onto its network.

The increased mobile data usage is only expected to intensify in the enterprise as more executives could try to use their favorite devices for both work and personal use. Mike Siegel, a senior director of product management at McAfee, says this will put a particular strain on IT departments' abilities to protect data across multiple operating systems and applications. "We have senior executives now who are pushing on IT to support Android or iPhone," he says. "With iPhone and Android, you have a propagation of applications that have connections back to sensitive corporate data in the cloud. So these devices now are very much a data leakage vulnerability."

What is to be done? Read more by clicking the "full article" link.
|
|
Rating: 12345
 

3.7 billion phishing emails were sent in the last 12 months

(Carrie-Ann Skinner, NetworkWorld) Cybercriminals sent 3.7 billion phishing emails over the last year, in a bid to steal money from unsuspecting web users, says CPP. 25% of Brits have been victims of scams, losing on average £285.

A new research revealed that 55% of phishing scams are fake bank emails, which try and dupe web users into giving hackers their credit card number and online banking passwords. Hoax lottery and competition prize draws and 'Nigerian 419' scams that involve email requests for money from supposedly rich individuals in countries such as Nigeria, were also among the most popular phishing emails.

CPP also revealed social networking scams are on the rise. Nearly one fifth of Brits have received phoney Facebook  messages claiming to be from friends or family in the past year. One in 10 fear that fraudsters are using Twitter to follow them, while a third are concerned their social networking account could be hacked.

"It seems that not a day goes by without a new case of online fraud hitting the headlines. But what's concerning is that consumers are still falling victim," said Nicole Sanders, an identity fraud expert at CPP.
|
|
Rating: 12345
 

Cloud security: The basics

(Mary Brandel, NetworkWorld) Cloud computing is one of the most-discussed topics among IT professionals today. And not too long into any conversation about the most highly touted cloud models - software as a service (SaaS), infrastructure as a service (IaaS) or platform as a service (PaaS) - the talk often turns to cloud security.

According to Milind Govekar, an analyst at Gartner, cloud has rocketed up the list from number 16 to number two in Gartner's annual CIO survey of key technology investments. "Like with anything new, the primary concern is security," he says. In fact, the vast majority of clients who inquire about cloud, he says, would rather create a virtualized data center on their own premises - what some call a private cloud - because they're uncomfortable with the security issues raised by cloud computing and the industry's ability to address them.

"We are in the early stages of a fascinating journey into a new computing model that, for all its purported advantages, from a security and risk point of view, is a difficult thing to deal with," agrees Jay Heiser, an analyst at Gartner.[...] For this reason securing cloud computing environments will be a major focus of vendor efforts over the next year, says Jonathan Penn, an analyst at Forrester Research. In the short term, he sees users having to do a lot of the legwork, but over time, "cloud providers themselves will see the opportunity to differentiate themselves by integrating security," he says.
|
|
Rating: 12345
 

What are the prospects for smartphone security threats?

(Chad Perrin, TechRepublic) Smartphones are becoming ubiquitous, but they are still limited in their usefulness. This is actually a boon for their security, at least for now — because they have not been effectively secured well enough to replace a desktop or laptop computer for a lot of high-risk activities.

With the growing popularity of smartphones, people are beginning to speculate about whether there will be an explosion of security issues in the near future. When will the storm of viruses appear? When will smartphones — relatively low-power by the standards of personal computers, but online pretty much all the time — become a platform of choice for botnet nodes?

Some security experts are skeptical of the idea that smartphones will ever be much of a target for malicious security crackers to build botnets, or otherwise hijacking resources. Maybe the botnet threat will never materialize for the smartphone platform, because it is so limited compared to the general-purpose desktop and laptop computer. On the other hand, even if malicious security crackers are not directly targeting our smartphones yet, the ability to transfer files between a smartphone and a more general-purpose computer means that a smartphone can become an important vector for spreading viruses and other mobile malicious code.[...]
|
|
Rating: 12345
 

Endpoint security: managing enterprise smartphone risk

(Tim Lohman, Computerworld) Almost by the day, enterprises are becoming more receptive to the consumerisation of IT and introduction of mobile devices and platforms into their environment. But introducing smartphones, netbooks or newer technologies such as the iPad and e-readers, can pose security issues to an organisation - and to any customer or business included in the data held on the devices.

Threats such as Trojans and drive-by-downloads which attack and exploit unpatched vulnerabilities in software installed on an endpoint, rogue security applications, spyware, botnets, worms, viruses and phishing attempts are all threats that apply as much, if not more-so, to consumer devices as office-bound PCs. And once commercial data makes its way onto an employee's device, which is often unmanaged, the enterprise can no longer control its spread or usage. [...]

IT managers must also bear in mind that while employee devices perform a dual role - as a personal device and a company device - the protection of any organisational data held on the devices is totally up to the company, says senior marketing manager for Websense, David Brophy.[...]
|
|
Rating: 12345
 

Research: 1.3 million malicious ads viewed daily

(Dancho Danchev, ZDNet) New research indicates that 1.3 million malicious ads are viewed per day, with 59% of them representing drive-by downloads, followed by 41% of fake security software also known as scareware.

More findings from the Dasient research:
- The probability of a user getting infected from a malvertisement is twice as likely on a weekend and the average lifetime of a malvertisement is 7.3 days.
- 97% of Fortune 500 web sites are at a high risk of getting infected with malware due to external partners (such as javascript widget providers, ad networks, and/or packaged software providers).
- Fortune 500 web sites have such a high risk because 69% of them use external Javascript to render portions of their sites and 64% of them are running outdated web applications.

The research’s findings are also backed up by another recently released report by Google’s Security Team, stating that fake AV is accounting for 50% of all malware delivered via ads.
|
|
Rating: 12345
 

Are you ready for these Internet security threats?

(Linda Musthaler & Brian Musthaler, NetworkWorld) Symantec has published its annual in-depth threat report and recommendations on how to improve enterprise security.

Based on multiple sources, the report presents an in-depth view of what threats exist on the Internet today, and what the trends are over a span of years. For example:
  1. There continue to be many targeted attacks on enterprise organizations.
  2. Web-based attacks are still common, and they are the primary means to install malicious code on computers.
  3. More than 240 million distinct new malicious programs.
  4. Executable file sharing has become the primary means of transmission of infections, especially for viruses and worms.
  5. Botnets are responsible for distributing 85% of spam.[...]
|
|
Rating: 12345
 

How to Integrate Data Loss Protection in Web 2.0 Security Strategies

(Bob Hinden, eWeek) Businesses in all types of industries today are investing in data loss protection technology at increasingly higher rates because of the increase in corporate insider threats. As more employees utilize Web applications for real-time communications, data leak prevention has become even more complex.

The ease of sharing information, combined with real-time communications, makes many of these social networking tools very compelling. And such trends are expected to continue, with enterprise spending on Web 2.0 technologies projected to reach $4.6B globally by 2013. Businesses can't ignore the opportunity to increase productivity by leveraging these new tools.

But the Web 2.0 world has made security more complex, and organizations are looking for a comprehensive approach to security that reduces—not multiplies—the number of threats, as well as eases management and regulatory challenges faced by IT managers.[...] An effective Web 2.0 security strategy will complement network protection with comprehensive endpoint security, and allow organizations to easily integrate new security services on existing infrastructure without exhausting limited IT budgets.[...]
|
|
Rating: 12345
 

Mac Users Do Not Spam, Linux Users Do

(Wolfgang Gruener, ConceivablyTech) MessageLabs has released a new issue of its monthly intelligence report, which reveals interesting statistics of spam originating from client computers that are infected by botnets. Not surprisingly, most spam comes from Windows users, but Linux systems are five times more likely to be sending spam than Windows. And: There is virtually no spam that is sent from Apple Mac computers.

Spam still accounts for nine out of ten emails (89.9%) sent, one in 341 emails contains malware and one in 455 emails carries a phishing attack. Spam is dominated by botnets that infect client computers around the globe and use their connectivity to send out emails.[...]The entire spam volume caused by all botnets currently monitored is about 121 billion messages per day from up to 5.6 million computers. Non-botnet spam is only 7 billion messages per day, bringing the total spam volume to just above 128 billion messages per day.

If we look at the PCs that are controlled by the botnets and that are sending the spam, and break them down by operating system, MessageLabs’ data shows, not surprisingly, that 92.65% of all spam came from Windows machines, 0.001% from Mac OS X systems and 5.14% from Linux computers in March 2010.
|
|
Rating: 12345
 

5 Best Practices for Enterprise Security

(Jamey Heary, PCWorld) With today's limited security budgets you need to be sure that you've adequately covered your highest risk areas before moving on to other things. Take a look at the top 5 security solutions you can put in place today to cover the widest scope of current and emerging threats.

These 5 items working together will stop more cyber attacks on your data, network and users than any other 5 items in the marketplace today. There are lots of other very useful security solutions on the market but when it comes to picking the top five most effective and readily available ones, here are the choices:
  1. Firewall - without firewalls in place to drop unwanted flows, your job of protecting your assets increases exponentially;
  2. Secure Router - routers are chock full of security features, sometimes even more so than a modern firewall;
  3. Wireless WPA2 - if you aren't using WPA2 wireless security then stop what you are doing and form a plan to start doing so;
  4. Email Security - a good email security solution will get rid of the junk and filter out the malicious stuff as well;
  5. Web Security - web security needs more than just URL filtering.
Read the detailed description of these 5 items by following the "full article" link.
|
|
Rating: 12345
 

10 ways to make sure your data doesn't walk out the door

(Debra Littlejohn Shinder, TechRepublic) Many organizations focus on protecting against external attacks but ignore a threat that might be even more destructive: data theft by someone inside the company. Here’s an up-to-date look at critical areas of concern.

Hacker attacks that bring down the network get a lot of attention, so companies concern themselves with protecting against those threats. In this article, we’ll take a look at what you should be doing to keep your data from walking out the door.
  1. Practice the principle of least privilege and put policies in writing
  2. Set restrictive permissions and audit access
  3. Use encryption
  4. Implement rights management
  5. Restrict use of removable media
  6. Keep laptops under control
  7. Set up outbound content rules
  8. Control wireless communications
  9. Control remote access
  10. Beware of creative data theft methods
Read more by following the "full article" link.
|
|
Rating: 12345
 

New cyber security threats

(Veronica C. Silva, MIS Asia, NetworkWorld) A new report on consumer online behaviour and criminal activities on the Internet noted that new security threats have recently emerged, prompting the implementation of a mix of security solutions to protect unsuspecting victims.

Blue Coat's annual 'Blue Coat Web Security Report for 2009' released recently noted that security solutions are finding it difficult to keep up with the rapid attacks by cyber criminals. The popularity of social networking activities online is also making the Internet more vulnerable to recent attacks. The report noted that social networking sites accounted for 25% of activity among the top 10 URL categories last year. Web-based e-mail, on the other hand, dropped in popularity from fifth place in 2008 to ninth in 2009.

"The battlefield for information security against identity theft and cyber crime is the Web. The Web, and especially social media, is where the apps are, where the eyeballs are and, therefore, where the attacks are," said Andreas Antonopoulos, senior vice president and founding partner of Nemertes Research.[...]
|
|
Rating: 12345
 

Tens of millions still opening junk e-mail

(Dave Rosenberg, CNET) In this day and age of technological advancement and digital lifestyles, it's incredible to me that nearly half of a recently surveyed audience opened junk e-mail (aka spam), intentionally.

According to a new survey report, tens of millions of users continue to respond to spam in ways that could leave them vulnerable to a malware infection or bot network. The results of the survey show that nearly half of the users have opened spam, clicked on a link in spam, opened a spam attachment, replied, or forwarded it - all activities that leave consumers susceptible to fraud, phishing, identity theft, and infection.



Read more by following the "full article" link.
|
|
Rating: 12345
 

Top 6 Security Myths and How to Beat Them

(Kenneth van Wyk, Computerworld) Should it really be necessary for a consumer to be a security  expert to safely use a computer? We get disgusted that users keep falling for old tricks. But what are we doing to actually help these people?

We should start by better understanding the misconceptions about e-mail and Web site safety that pervade the user base. For example:
  1. If an e-mail looks authentic, it is safe
  2. This e-mail came from someone I know, so I know it's safe
  3. If a friend on Facebook or Twitter posts a link, it's safe
  4. If I merely view a message, without clicking on any attachments or links, I'm safe
  5. If I go to the URL, but don't do anything while I'm there, I'm OK
  6. If my browser displays the locked padlock, then the site is secure
Our systems - from their operating system cores and through the e-mail clients, Web browsers, etc. - need to help our users do things securely.

Read more by following the "full article" link.
|
|
Rating: 12345
 

What Are the Most Underrated Security Technologies?

(Bill Brenner, ComputerWorld) The security community has grown to depend on some basic technologies in the fight against cyber thieves. Here are four techniques and related technologies several cited as underrated in today's security fight.

1. Whitelisting
Application security is something companies increasingly worry about, as the number of business and personal apps proliferate. One of the more overlooked features of the technology is whitelisting - the art of allowing only traffic known to be valid to pass through the gate; thus providing an external input validation shield over the application.
2. Data encryptors and/or shredders
You need shredding machines to securely dispose of unnecessary or unscanned records and data encryption to protect the necessary scanned ones.
3. CPU stress testers
It seems that the current state of firmware security, even in case of such reputable vendors as Intel, is quite unsatisfying.
4. Firewalls and AV
Firewalls and AV may no longer get the glory, but many regard them as absolutely necessary parts of any network security posture.
|
|
Rating: 12345
 

Spam plague in February and more to come

(Mis Asia Writer, Network World) Global spam volume grows by 25 per cent. A new research revealed a surge in spam levels in February 2010 to make up 89.4% of all e-mails.

Spam levels in Hong Kong reached 90.6% and virus activity in China was the highest in the world in February, according to Symantec's latest MessageLabs Intelligence Report. In Singapore, one out of every 319.2 e-mails contained a virus in a period when the total spam volume globally increased by about 25%.

In February, the most spammed industry, with a spam rate of 93.1%, was the engineering sector. Spam levels for the education sector were 90.8%, 89.3% for the chemical and pharmaceutical sector, 89.8% for IT services, 91.1% for retail, 87.6% for the public sector and 88.4% for finance.[...]
|
|
Rating: 12345
 

Security tips for large and small businesses

(Steven Andrés, PC World) Whether your business is a big fish or a small-fry home office, you can get hacked just the same, and the stakes are higher than a few canceled credit cards. Here are a few tips to protect your users and your networks - steps that even enterprise-class security specialists may slip up on.

Steps for small businesses and enterprise-class security specialists:
  1. Know Who Might Be Targeted - and How and Why
  2. Don't Take the Bait
  3. Use Unique Email Addresses to Keep Password Reset Emails at Bay
  4. Don't click on anything in email
  5. Patch Early, Patch Often
  6. Don't Let Bob Stop You From Running a Secure Network
  7. The P of P2P Is Personal, Not Business
  8. Nail Down Your Network
Read more by following the "full article" link.
|
|
Rating: 12345
 

America's 10 most wanted botnets

(Ellen Messmer, Network World) Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Ranked by size and strength, these article presents the 10 most damaging botnets in the U.S.

1. Zeus
Compromised U.S. computers: 3.6 million. Main crime use: The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers.
2. Koobface
Compromised U.S. computers: 2.9 million. Main crime use: This malware spreads via social networking sites with faked messages or comments from "friends."
3. TidServ
Compromised U.S. computers: 1.5 million. Main crime use: This downloader Trojan spreads through spam e-mail, arriving as an attachment.[...]

Read more by following the "full article" link.
|
|
Rating: 12345
 

Spammers exploiting more news stories

(Lance Whitney, CNET News) "Bomb Blast." "Jackson is still alive: proof." "Obama cursed by Pope." These are just a few of the subjects used by cybercriminals last year to trick people into opening malware-infected e-mails.

Spam that uses the latest news headlines was just one of the hot trends last year in the world of cybercrime, according to McAfee's "Q4 Threats Report", released Tuesday. The latest threat assessment also noted a rise in "hacktivism," or politically motivated cyberattacks.

Though spam levels in the fourth quarter actually dropped by 24% from the third quarter, the daily volume of junk mail around the world still averaged 135.5 billion per day. To reach that level, spammers relied heavily on news stories, especially tragedies.


|
|
Rating: 12345
 

5 ways to protect & hide your email to stop receiving spam

(Tina, makeuseof.com) While spam protection has become quite effective at recognizing unsolicited bulk email, it’s still impossible to filter out and stop receiving spam. The easiest way is to control the information you’re releasing about yourself.

Besides regular spam, you receive a lot of advertising in your inbox. Although these emails are often personalized, they still classify as spam. However, these emails were usually created based on information you made available about yourself, rather than straight forward email guessing.

Hence, in order to stop receiving spam, you must protect and hide your email address, by:

1. Scrambling it
2. Hiding it in an image
3. Encoding it
4. Hiding it behind a test
5. Not sharing it [...]

Read more by following the full article link.
|
|
Rating: 12345
 

Defining and designing email security

(by hjkim, MailRadar Community) When most people think about email security, they think in terms of virus and spam protection. The typical questions are: 'How do I protect my users from viruses and spam?', 'What about phishing?', 'How are Trojans and other threats stopped?'. What is missing is a comprehensive, holistic approach to email security.

The above are some of the issues that a company needs to consider. However, there are many other issues that need to be addressed:

  1. Educating the employees and helping them understand how security affects their livelihood
  2. Reviewing physical security regularly
  3. Checking the network security
  4. Validating the administrators managing your email server
  5. Software security


Email security encompasses much more than just anti-virus and spam protection. The biggest threat does not occur outside of the company; most of the threats are within the company where information can be easily shared and hacked.


 
 
|
|
Rating: 12345
 

Spam traps catch 95% of email sent

(Matthew Broersma, ZDNet UK) Less than five percent of all email is delivered to mailboxes, as the rest is junk blocked by spam-fighting efforts, according to Enisa, the European Network and Information Security Agency.

While anti-spam measures are well used by providers, junk email remains a key problem for them and takes up a large part of their annual budgets, according to the report. [...] One-quarter of very small providers said they spent more than €10,000 (£8,700) per year on fighting spam, and one-third of very large providers invested more than €1m per year.

"The data on aborted SMTP connections and filtered emails seems to show that anti-spam measures are currently highly effective," study says. The result is that only 4.4% of all email was delivered, down from 6% in Enisa's last spam report 2 years ago.

The agency noted that many providers, though not all, currently use collaborative measures to fight junk mail, such as working with spam-sending ISPs to eliminate the problem. It recommended that more service providers should work together on the problem.
|
|
Rating: 12345
 

10 email scams to watch out for

(Debra Littlejohn Shinder, TechRepublic) If it seems like you’re getting hit with more email scams than ever, you’re right. Email scams have been with us since the Internet went commercial back in the early 1990s. But scammers have gotten more sophisticated, and some of the more recent email scams are harder to detect — unless you know what you’re looking for.

Let’s look at some of the email scams that are currently going around the Internet and how you (and your users) can recognize them and keep from being victimized by them:
  1. Fake Facebook “friend” messages
  2. Fake admin messages
  3. Fear-mongering messages
  4. Account cancellation scams
  5. Bogus holiday cards
  6. Phantom packages
  7. Threats from the government
  8. Census survey says…
  9. In Microsoft (or Apple or Dell or HP) we trust
  10. You’re a winner! [...]
View the original article and learn more about email scams by clicking on the "full article" link.
|
|
Rating: 12345
 

Identity Confirmation - Challenge / Response anti-spam filtering with a twist

This article performs a comprehensive analysis of Axigen Identity Confirmation© - a Challenge / Response-based anti-spam system embedded in the Axigen solution. It is a pertinent presentation of the concept, characteristics and benefits entailed by Identity Confirmation in the context of the overall existing Challenge / Response anti-spam filtering technology and the way it has been, until now, approached and made available to the general public.

It is not a matter of novelty to any efficiency-oriented business professional that in nowadays email communication environment, the security issue is not one to ignore. Particularly when talking about the fast-adapting spamming methods which, at the spam-receiving end, can easily be translated as detrimental to the general productivity (therefore wasted) time.

On the other hand, anti-spam measures are constantly implemented, and filters consistently improving. However, the ongoing spam problem has been gaining a lot of ground lately as spammers keep changing tactics frequently enough to make even the best, most adaptive filtering systems unable to cope. The spam-increasing situation has been heavily tackled with for several years now, and strong voices emerged, stating that the best anti-spam approach might not be filtering at all, but a Challenge / Response (C/R) system.
|
|
Rating: 12345
 

Introduction to Innovative Mail Filtering with AXIGEN

The problem with electronic mail today
Email is not what it was supposed to be. Its inventors have not foreseen the dan¬gers associated with this new form of communication. Means of protection were added later on, but do little to protect people’s mailboxes. As a result, most of the mail traffic these days is unwanted: spam, malware, phishing. How can we use the AXIGEN Mail Server and existing free anti-spam, antivirus and anti-phishing software and technologies so that the result is more than the sum of the parts?

Traditional filtering in AXIGEN
From its very beginnings, AXIGEN has integrated open-source filters such as SpamAssassin and ClamAV and has used the fastest way to process mails through them by interfacing with their daemons directly. But this usage scenario had a major downside: mail messages were scanned in the queue, after having been accepted by the mail server. As a result, “Spam” folders had the tendency to grow indefinitely and waste space in the server storage and backup mediums.

A new approach to email filtering
Starting with version 6.2.2, AXIGEN can integrate with a Milter filter at the SMTP level, enabling scanning of the incoming SMTP connections. The possibility to scan a message before receiving it opens up new perspectives, as it enables us to refuse a message if the content filters strongly indicate that the scanned message is unwanted.

Let’s take a simple example, in which the decision to reject a mail was taken by the Milter filter by evaluating the results of the antivirus scanner. Why would this be a better choice than quarantining, for example, or tagging?

For one thing, we do not accept the message and no further resources are allocated to this mail: processing, storage, backup, double-checks etc. For unwanted traffic, this is a very good thing as it minimizes your problems. However, what happens if, unfortunately, the refused message is a legitimate mail? Let’s compare the three valid choices: quarantining, tagging or refusing the message.
  • Quarantining means that the unwanted mail would end up in a rather large quarantined space. Suppose we only do this for malware as detected by an antivirus content filter: viruses, worms, phishing. Can we alert the receiver for every quarantined mail that was heading to their inbox? Realistically, no, because the malware traffic can reach really high levels. Add to this that almost all of it is spoofed and you risk to get into situations in which innocent people are blamed for spreading malware, when their only fault would be the fact that their address is known by spammers. So, when a mail is quarantined, neither the sender, nor the recipients are usually aware of it. If through some other means one or both of them find out about the missing mail, typically the receiver will have to alert his/her administrator of the mishap in order to gain access to the quarantined mail.

  • Tagging, often applied to spam messages, means the message will usually end up in a sub-folder of the recipient’s mailbox, typically named “Spam”. He/she may or may not check that folder for false positives, but as no filter is perfect, sooner or later some legitimate mail will end up in “Spam”. When that happens, neither the sender, nor the recipient will be aware of it. If through some other means, one or both of them find out about the missing mail, the receiver will usually have to dig through its spam folder to find the legitimate mail. This may be quick if he/she knows the exact coordinates of that mail (sender, date, subject), or may be a daunting task if the “Spam” folder is rather large and the data is very vague (eg. "Should have received a mail from a South American company with some financial info").
To learn more about our innovative, Milter-based filtering, please continue to read this whitepaper by clicking here: Innovative Mail Filtering, or contact us at: sales@axigen.com. We also invite you to sign up to our free, live webinar organized in partnership with the The Radicati Group:


About AXIGEN and Gecad Technologies
Gecad Technologies SA is the vendor of AXIGEN, a professional messaging solution that ensures an efficient and secure worldwide communication environment and business growth for both service providers and companies of all sizes. Our cutting-edge products, based on proprietary architectures such as AXIGEN GrowSecure™, AXIGEN SmartProcessing™ and AXIGEN UltraStorage™, are currently distributed internationally by over 170 partners from 80 countries, managing email traffic for more than 11,000 companies with 6 million end-users. For further details, please visit www.axigen.com
|
|
Rating: 12345
 

Making Sense Of E-Mail Threats

(Samara Lynn, ChannelWeb) In light of all the ongoing, and terrible, security trends and case studies involving credit-card-number theft, bot attacks and remote execution of malicious code, e-mail spam seems more like a minor nuisance rather than an outright data threat by comparison.

Spam, however, is undeniably part of the threat landscape. Viruses can piggyback on it, but more often than not, spam can build up at exponential rates that may cost users hours in lost productivity as they attempt to rid their e-mail boxes of it.
Spam buildup can also be indicative of holes in a network's security defense. Spammers will often take advantage of open ports on misconfigured firewalls and SMTP servers to relay their annoying messages.

There are lots of products out there to combat spam. Many of them are bundled as all-in-one security solutions that include antimalware, firewall and Web filtering services.
|
|
Rating: 12345
 

Expand Your Mail Server to Suit Your Needs

Lately, more and more companies that rely on IT services have begun to understand the true benefits of network subsystem interaction. Some of the well established examples are already accepted as being the de facto way of doing things. To a lot of people, the Apache integration with MySQL or PHP is no longer considered to be a bunch of independent software packages that cooperate. This cooperation is so productive that everything got merged into a single concept: the AMP (i.e. LAMP, WAMP etc.).

Along the same lines, the AXIGEN electronic messaging system can be expanded to provide external applications with the information required to perform advanced tasks in a very productive and cost effective way. You should bear in mind that some of the expansion methods described in this article are generic and can be applied to various situations while others are very specific.
|
|
Rating: 12345
 

Spammers Find a Home on Microsoft Live

Someone hasn't been tightening their anti-spam belt it seems...

(Stuart J. Johnston, www.enterpriseitplanet.com) "Spamhaus.org, an organization that tracks and analyzes spam traffic, has fingered Microsoft as the fifth most spammer-friendly e-mail service in the world.

The problem has to do with spammers using Microsoft's Live services as a portal to send their unwanted messages. Spamhaus officials say they have repeatedly notified Microsoft that it should block those spam avenues -- but without any response.

In Microsoft's case, the problems apparently emanate from Microsoft's Windows Live Spaces and other Windows Live services. Spam and scams sent out from the sites run the gamut, according to Spamhaus.

The company did not say whether it plans specific activities to address the allegations by Geneva-based Spamhaus, which since 1998 has been tracking spam operations, maintaining blacklists of suspected spammers or compromised mailservers and working with public officials to target online scammers."

See the full article for more info and statements from the Microsoft people!

|
|
Rating: 12345
 

Spam Still On The Skids

(By David Hamilton, theWHIR.com) Two weeks since web hosting provider McColo - the alleged host to some of the most heinous criminals on the Internet - went offline, analytics firms across the web have found that global volume of spam has dropped by up to 75 percent and is staying low.

After staking out McColo (www.mccolo.com) for the past four months, the Washington Post's Security Fix blog found that the San Jose host was likely hosting "some of the most disreputable cyber-criminal gangs in business today," including child pornography, anti-virus scams and malicious software, which has stolen banking and credit card information from more than half a million people. Security Fix blogger Brian Krebs informed two of its upstream Internet providers, which subsequently ceased their service to McColo.

Since effectively blowing the whistle on McColo, Krebs has found spam levels have been remaining low. Citing email security firm IronPort's (www.ironport.com) reports that it blocked around 35 billion junk emails Monday, down from weeks ago when it would have typically flagged roughly 160 billion messages daily. He also noted that Spamcop.net's reports show spam volumes "well below half" the levels reported before McColo was taken down.
|
|
Rating: 12345
 

Global Spam Falls by 70% as US Hosting Firm Shut Down

Well it looks like there's no stranger-danger when it comes to spam in the US. The generous amount of medicine, appendix enlargers and luxury items offered to you in unsolicited emails used to stream from the bosom of US spam-sugar-mamma McColo Corporation...

(Money.co.uk)"This week saw global spam levels drop significantly after two major US internet providers pulled the plug on spurious hosting firm McColo.

In the immediate aftermath anti-spam firms reported an astounding 70% reduction in the amount of junk mail in circulation.

Californian based McColo is believed to have hosted domains for spam gangs running some of the most prolific spam-producing botnets in the world, in addition to a number of fake pharmacy, antivirus, designer goods and child pornography sites.

ISPs Global Crossing and Hurricane Electric, who were together responsible for providing 90% of McColo’s access to the wider internet, shut off the firms access on Tuesday after receiving a detailed report from the Washington Post. The report culminated a four month investigation by Security Fix, the newspaper's security blog, into activity emanating from McColo-hosted domains.

While it is yet unclear as to whether McColo will be officially investigated and held legally responsible for the immoral activities of its clients, the company have responded by shutting down all operations."

But don't be fooled by the fall of one head of the hydra; even if it is a big one. McColo is soon to be replaced by other web hosting companies fronting for big-time spammers. Luckily there is hope still. If you want a safe haven against spam, know that Axigen is capable to integrate multiple antivirus and antispam applications at server level or SMTP level, building filtering chains that can be applied differentially at server or even domain level. How's that for proctection ?

|
|
Rating: 12345
 

India is the Number One Spamming Nation in Asia

(CRN Network) According to Trend Micro, India is the seventh largest spam sender in the world. It is the leader among Asian countries in spam, accounting for more than 4 percent of the total global spam. It is ahead of other Asian countries such as China (3.39 percent), Republic of Korea (2.57 percent) and Thailand (2.04 percent). Asia contributes 16.57 percent of the global spam volume. [...]

Globally, the Russian Federation heads the list of spammers accounting for more than 11 percent of total spam, followed by the United States of America at 9.36 percent. Trend Micro reports that the Bric countries (Brazil, Russia, India and China) together account for around 20 percent of all spam. Experts at Trend Micro further indicate that spam from emerging markets will continue to grow till the proper Internet infrastructure is in place. The world’s top 10 spam relaying countries account for about 57.4 percent of the global spam volumes.[...]
|
|
Rating: 12345
 

Eight crazy e-mail hoaxes millions have fallen for

(ComputerWorld) Congratulations, you won the lottery in a country whose name you can't even pronounce! A wealthy oil executive in a far-off land wants to give you millions of dollars, right now! Sexy girls want to meet you!

Now let's be honest. If someone came to your door and told you any of those things, you'd tell him to get lost. So why do people still fall for this stuff when it's in their e-mail, as if a poorly written message made a weird-sounding pitch any more legitimate?

The saddest part is, the only reason annoying e-mail keeps filling your in-box is because it works. No matter the number of reports detailing e-mail hoaxes gone bad and tales of spammers taking people for all they're worth, people just keep on clicking.  Why? It's the law of percentages. The response rate for snail-mail spam is between 0.5% and 1%. That might not sound like a lot, but if you apply it to e-mail, it means a spammer can send 1 million messages -- without the cost of paper and postage -- and 5,000 to 10,000 people will answer. In fact, a study out this month indicates that nearly 30% of Internet users confessed to purchasing something from spam e-mail.
|
|
Rating: 12345
 

Google Sees Massive Spam Spike

Spam is once again on the rise, and this time it's apparently being fueled by spam vendors that can't scale. That's the accusation being leveled by Google, which today revealed some surprising new spam figures.

The fight against spam has increased in traction for Google (NASDAQ: GOOG) with the acquisition of vendor Postini for $625 million last year.

Time of year plays a role in the increased volume of spam seen in July, according to Sundar Raghavan, a product marketing manager with the Google Apps Security & Compliance team

"Historically every summer there is increased activity in terms of spam volume, but the sophistication they are using this time around seems to be more robust," he told InternetNews.com.

"Between July and August we have started to see a very interesting pattern in term of volume and sophistication of e-mail threats incoming," Raghavan said. "Around July 20 we started seeing a spoofed UPS tracking e-mail messages going to users. On July 24 saw a peak of 10 million messages."
|
|
Rating: 12345
 

Email Threats Trend Report

Panda Security and Commtouch have jointly issued an Email Threats Trend Report for the second quarter of 2008. Here are the major findings of the report, as released by the two companies:

  - Spam levels throughout the second quarter averaged 77%, ranging from a low of 64% to a peak of 94% of all email towards the end of the quarter
  - Top domains hosting zombies include: Telecom Italia, Brasil Telecom, and Verizon
  - 10 million zombie IP addresses are active each day, on average
  - United States dropped to 9th place in number of zombies globally. Turkey is #1 with 11% of all zombies
  - Pharmaceutical spam is the most popular topic, comprising 40% of all spam
  - Phishing scams took advantage of the higher education community, as well as Google adwords users
  - Spammers experimented with vertical display in Chinese-language spam
|
|
Rating: 12345
 

Malicious Spam Traffic Triples in One Week

Sudden massive bot recruitment campaign by Srizbi botnet drives malicious spam up 9.9%, according to researchers at Marshal

A massive bot recruitment campaign appears to be behind a record surge early this month in the volume of malicious spam -- from 3 percent of all spam traffic to nearly 10 percent, according to researchers with  Marshal’s TRACE team .

The Srizbi botnet, which has been making bigger waves these days than the fizzling Storm botnet, is the main driver of this malware-laden spam, according to Marshal, which says malicious spam traffic tripled within just one week. Srizbi is behind nearly half of all spam, malicious or otherwise, according to the researchers.

“When you see a 9.9 percent jump in one week, that’s significant. They either accidentally sent out too much spam or are on an ambitious recruitment drive at the moment,” says Bradley Anstis, vice president of products for Marshal. Anstis says he thinks it’s more the latter.

MX Logic last week reported a worm that had generated over 8 million spam messages in an apparent attempt to recruit bots for Srizbi.
|
|
Rating: 12345
 

And Still the Spam Comes...

Tech vendors have made headway in the war on spam, yet spammers are returning volley with sheer numbers. Perhaps it's time for more drastic measures?

"The biggest reason we're not winning the war on spam has little to do with the anti-spam vendors," says Logan Harbaugh, a Test Center analyst. "It's more about the ever-increasing volume of spam."

Anti-spam email appliances work anonymously on the frontlines of IT security, blocking millions of pieces of spam (or unwanted e-mail) every day. And anti-spam vendors are doing a decent job: According to the Test Center, email appliances today catch an average of 96.1 per cent of spam, up from 95 per cent two years ago.

But vendor advancements pale in comparison to the swelling ranks of spammers. A Symantec report released this month shows that spam is on the rise. In March, more than 80 per cent of all email was spam, up from 78.5 per cent in January and February. Overall, spam volume is up 20 per cent compared to last year. The report also warns of a popular spammer trick called backscattering, which is the practice of bouncing emails around the globe until they're received.
|
|
Rating: 12345
 

100 E-mail Bouncebacks? You' ve Been Backscattered.

E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing

The bounceback email messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: "Cyails, Vygara nad Levytar," "UNSOLICITED BULK EMAIL, apparently from you."

You eye your computer screen; you're nervous. What's going on ? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter -- bounceback messages from legitimate e-mail servers that have been fooled by the spammers.

Spammers like to put fake information in their e-mail messages in order to sneak them past e-mail filters. Because e-mail filters now just delete messages that come from nonexistent domains, the spammers like to make their messages look like they come from real e-mail addresses. That means, if your e-mail address has been published on the Web somewhere, you're a prime candidate for backscattering.
|
|
Rating: 12345
 

How to Stop Spam Disguised as Business Email

Small businesses are indeed the latest target for spammers. Most small businesses -- unlike their big business counterparts -- have less sophisticated anti-spam protection, and spammers have shifted their tactics to take advantage of an easier target.

Unwanted email is a threat to both productivity and security. Spam now comprises more than 50 percent of all enterprise email and represents somewhere between 40 and 70 percent of all Internet traffic. Some data show that more than 30 percent of spam is generated by virus-infected computers, and more than 30 percent of viruses are propagated by spam.

The increasing interconnectedness of big businesses with small businesses, which are employing at best basic desktop antivirus defenses and very little spam protection, means that a large percentage of spam, virus, and blended attacks are spawned small businesses.
|
|
Rating: 12345
 

Spam Hits an All-Time High

But it’s not a losing battle. New technology can filter out more than 97 percent of spam — without axing legitimate messages.

SoftScan, a European managed-security services provider focused on messaging, reported that spam levels dipped slightly in January to 96.8 percent of all email scanned, compared with 97.02 percent in December 2007.

While SoftScan’s reported drop isn’t much of a break in unsolicited email (the company describes it as a “lull before the next surge”), other observers failed to detect even a limited respite.

“While logic would dictate that spam levels would subside after the holidays, they’ve continued to soar and reached 78.5 percent of all email traffic during January,” Symantec Corp. noted in its recent spam report.
|
|
Rating: 12345
 

Gone Phishing

Dead giveaways that an email is bogus — or phishing to steal your identity.

Each day, most Internet users are assaulted by "important" emails that require "immediate attention" about some type of banking or e-commerce matter. The email urges you to click a link to go to the company's site to straighten out the problem. The catch is that the link takes you to a site that has been designed to look exactly like the real company's site, but is instead just a front for gathering personal information.

Most financial or commercial crisis messages are bogus, but a few might not be. So how do you sort out the real email from the garbage? These tips from the Anti-Phishing Working Group can keep you from getting hooked as another phishing victim:

    - Be automatically suspicious of any email with urgent requests for personal financial information.
    - Don't use the links in an email, instant message or chat to get to any Web page if you suspect the message might not be authentic or you don't know the sender or user's name.
|
|
Rating: 12345
 

ISPs Need To Overhaul Spam Reporting System, Survey Reveals

The definition of SPAM has changed from the permission-based regulatory definition of "unsolicited commercial email" to a subjective, perception-based definition centered on consumer dissatisfaction, according to a recent survey.

Jointly conducted by Chicago-based Q Interactive and Warren, R.I.-based MarketingSherpa, the survey's goal was to reveal consumers' perceptions of what they consider to be spam, why they report emails as spam and what they think happens when the "report spam" button is clicked.

An overwhelming number of consumers misuse and misunderstand the definition of spam, ultimately hurting legitimate marketers--but also consumers themselves who are seeking the messages they want, but instead are automatically being unsubscribed.

There is confusion among consumers regarding what they believe will happen as a result of clicking the "report spam" button. Over half of respondents (56%) reported it will "filter all email from that sender"--while 21% believe it will notify the sender that the recipient did not find that specific email useful, so the sender will "do a better job of mailing me" in the future. About 47% believe they will be unsubscribed from the list by clicking "report spam."
|
|
Rating: 12345
 

Organizing IT Chaos through Email Authentication

Authentication provides email senders and receivers some additional ways of differentiating legitimate email from spam, phishing and other forms of fraudulent email that threaten the safety of consumer and damage the reputation of the brands whose domain names are abused.

But wait, there's more!

Undertaking the sometimes daunting task of deploying authentication also provides a great excuse for IT managers to begin tackling the unruly and sprawling beast that is today's modern corporate email infrastructure.

One of the benefits of deploying authentication is that it necessarily requires you to survey – and perhaps rein in – all of the ways the organization uses email. Thus this process provides IT managers with an excellent opportunity to bring some order, or at least some understanding, to what can sometimes be a chaotic mess.
|
|
Rating: 12345
 

How Spammers Identify Their Targets

Ask any Internet user what they hate most about being online and you will usually hear an earful about spam. Spam is considered by many to be the scourge of the Internet. It is certainly a costly problem, both in time and in the costs organizations expend to fight it.

The first, and least common, is spammers that obtain temporary legal and real accounts with ISPs. This is less common because most ISPs quickly shut down these accounts. There are a few ISPs that turn a blind eye, but they are likely already known and blacklisted.

The second method used to send spam is through compromised hosts, usually workstations and home computers on high-speed connections such as DSL or cable modems. These systems are usually compromised and have become part of large networks of zombie systems called bot-nets.
|
|
Rating: 12345
 

Fighting Phishing Scams

Phishing is one of the most prevalent of all Internet scams. At any one time, a large number of major financial institutions and online entities around the world will be the target of phishing scammers. Some high profile institutions such as Citibank and PayPal are targeted almost continually. Phishing scams attempt to trick people into providing sensitive personal information such as credit card or banking details.

Phishing scams, exposed. Read about:
How Phishing Scams Work, How Scammers use Information Harvested from Phishing Scams, Common Characteristics of Phishing Scam Emails, What to do if you Receive a Suspected Phishing Scam, What to do if you Have Already Been Tricked into Submitted Information, How to Avoid Becoming a Victim of a Phishing Scam, and Examples of Phishing Scams.
|
|
Rating: 12345
 

Mail Server Blacklists and Spam

A white-list is a list of email senders whom you trust and would like to receive mail from. Conversely, a blacklist contains those that are not to be trusted. Blacklists need to be configured and administered on a server, at the ISP (Internet Service Provider) level or on your network. If you do not have such access, and most people do not, you can use the blacklists by choosing email services from companies that use such blacklisting techniques.

A mail server is designated as having an open relay when mail is processed in a location that is not local to either the sender or receiver. The mail server is unrelated to either party, and as such, has no business processing that email. Think of driving from your home in Washington, DC to your friend's home in Boston. If you pass through New York City on the way, that is to be expected. However, if you stop in Dallas, the route becomes suspect. An open relay mail server, whether intentional or not, is allowing mail to be routed through it that shouldn't be.
|
|
Rating: 12345
 

Europe's The New Spam Capital - Symantec Report

Don't be surprised if you see a Valentine's spam originating from Europe that was linked on Google.

Symantec's February State of Spam report indicates that attackers are getting more sophisticated and elusive -- sending copious amounts of spam out of Europe and overseas, capitalizing on holidays and tax season and finding ways to get their sites at the top of the Google pages.[...]

Some of the those tactics include diversifying their geographic locations. Researchers found that European countries are hosting unprecedented amounts of spam compared to months and years past. The number of spam messages originating from Europe surpassed that of North America for the third month in a row, reaching approximately 44 percent of total spam, compared to spam sent from North America which composed about 35.1 percent.
|
|
Rating: 12345
 

Are Botnets Beating Us in the War on Spam?

How can we stop the madness? TQMCube’s David Hart, who currently runs a DNS blackhole list as an atonement of sorts for formerly serving as a consultant for a spammer, thinks that ISPs should simply block all unauthorized traffic on port 25, which computers use to send email. He believes that any port 25 traffic not destined for an ISP’s own mail server and accompanied with an authorized user name and password should be rejected.

Brian Livingston thinks the U.S. deserves a lot of the blame for having a weak spam law. The Can-Spam Act actually makes sending spam legal as long as the sender includes a street address and links to an unsubscribe process. While making spam illegal in the U.S. won’t wipe out the problem, “trying to stop shadowy, profitable activities is almost impossible if they aren’t illegal,” Livingston notes. “Only the existence of a Virginia law with real teeth tripped up Jeremy Jaymes [a notorious spammer]. A strong U.S. law could go a long way towards catching even more spammers.”

Meanwhile, some security vendors have released anti-botnet products, such as Trend Micro’s InterCloud Security Service for large network providers. The service identifies zombies on a network and can help stop them in real time. Trend Micro also says it has an anti-spam product that can detect and filter image spam.

|
|
Rating: 12345
 

The Real Cost of Spam

Spam may be cheap for the people who send it, but it can be a serious expense for your business. According to a study conducted earlier this year by Nucleus Research Inc., spam management costs U.S. businesses more than $71 billion annually in lost productivity — $712 per employee.

Here's a quick look at the various ways that spam drains your company's bank account and how you can calculate the real cost to your business.

Anti-Spam Technology: Spam-fighting products and services are a big business, and anti-spam vendors aren't generating their revenue from the people sending junk email. Most companies not only spend thousands of dollars on anti-spam software and hardware solutions, but they also drop cash on employees and consultants to plan, deploy and maintain the technologies.

Lost Productivity: Spam wastes employees' time. The average employee spends 16 seconds reviewing and deleting each spam message, according to Nucleus Research. The company estimates that at businesses that quarantine spam (where junk messages are placed in a directory for review and confirmation by recipients), each user spends an average of 4.5 minutes per week reviewing messages. Deleting messages, however, turns out to be the most expensive spam strategy. The average employee at companies that delete spam messages loses an average of 7.3 minutes per week looking for lost legitimate messages.
|
|
Rating: 12345
 

Spam countermeasures and blocking mechanisms

In today's Internet environment, the spam issue cannot be eliminated 100%. It is a new problem, for which no conventional solutions have yet been designed. To address this increasing issue, many solutions for the stages before and after accepting mail messages were designed, to ensure most of the spam messages do not get to reach users’ mailboxes.

This article will focus on the most relevant ones, with a high degree of usability.
|
|
Rating: 12345
 

Spammer tactics of circumventing filtering

This article will focus on the tactics used by spammers to successfully deliver a mail message to the mailboxes on your server, despite any implemented sorting or blocking filters.
|
|
Rating: 12345
 

Spam overview and spam types

Just as the title implies, this article will focus on SPAM messages, on the "know your enemy" principle. We will first describe the different types of spam, to then move to analyzing the issue in perspective, and in detail.

The purpose of spam messages is marketing (advertising to be more precise), corresponding to the conventional ways of advertising, when you are normally able to choose which adverts you want to watch or not. Internet advertising has more options than the conventional ways, since no physical boundaries can be used to accurately select or sort the content (you cannot put a doorman to your server that is able to let the mailman in and keep the flier guys out), the virtual world offers new ways of doing advertising.
|
|
Rating: 12345
 

Preventing spam bots from hijacking an enterprise network

Here is an article I found on SearchSecurity.com (TechTarget), about how to prevent spam bots from hijacking an enterprise network. I think you will find it interesting and useful:

"Despite Bill Gates' assertion in 2004 that the problem of spam would be solved by now, it's still with us. In fact, it's on the increase. According to recent figures from Symantec, 61% of emails are spam, and almost 90% of emails emanating from some countries are spam.
|
|
Rating: 12345
 

Introduction to Antispam Practices

Competitive Antispam products, proper legislation, efforts towards a better user education, it has all been tried in order to stop spam. However, unsolicited emails keep consuming the space and time of all email users. Moreover, spam messages can be the cause of serious virus and spyware outbreaks, while others “phish” for sensitive information like bank accounts and passwords.
|
|
Rating: 12345
 

Eliminating the threat of spam email attacks

All the spam I am getting in my inbox has made me look into some more effective antispam tools. While googling for more information, I came across this article about SpamAssassin. It looks good so far. Here is the article in full, written by Scott Sidel:

Spam isn't just about deposed Nigerian dictators who want to send you millions of dollars. Spam emails often contain malicious code, viruses, phishing attacks, and drive-by Trojans -- not to mention some inappropriate content. One of the best weapons available to defend your systems against spam is the open source software SpamAssassin.
|
|
Rating: 12345
 
Close send to email window
 



Verification code

Already a member?
Blacklist monitoring alerts
sign up Signup for our real-time monitoring service and receive email notifications each time one of your IPs gets blacklisted.
Free Signup
Mail Server Operating System Poll
.01

What OS do you use for your email server?
Linux
Windows
Other
disabled next
.02

How many mailboxes do you currently manage?
1-50
51-300
300+
previous next
.03

Would you like to comment upon the choosing of this particular OS?

previous
 
DNS Tools
Get IP status, owner and location, obtain its corresponding hostname or check specific ports.
Ping Statistics
Reverse DNS Lookup
Whois Info (IP owner)
GeoIP Information
Check Port
Open Relay Test
Test if your mail server is an open relay for spammers.
Blacklist Checker
Check if your IP is listed in DNS based email blacklists (DNSBL)