Protecting Yourself From Evolving Forms of Spam
Spam is not new. Unsolicited advertising, bandwidth hogging, and decreases in productivity have been annoying users for several years - and in 2006, spam continued to rise. On average, Trend Micro has identified more than two million different pieces of spam flooding the Internet each month.
How Spam is Evolving
One factor behind this spike involves the ways in which botmasters leverage their botnets to propagate spam. In this scenario, the email origination point constantly shifts among members of the botnet making blacklisting as a defensive tactic nearly impossible. Similar instances of using malware as a spamming platform have also been observed. The best example involves the STRAT worm, which appeared in the third and fourth quarters of 2006. This worm behaved very much like a typical, fast-spreading mass-mailing worm, with a special twist: it spammed advertisements for an online pharmacy from each infected host. The NUWAR worm also used infected machines as spam-sending platforms. Trend Micro predicts this is not the last time such a plot will exhibit itself, which bodes poorly for all email users and their inboxes.
Spammer worms also leverage the latest mass-mailing technique: image spam. In 2006, in order to bypass spam filters, spammers revived an old trick that has now become quite common: placing email advertising text within an image, and scattering random elements such as dots or lines throughout the text. The resulting complexity of such emails makes it difficult for heuristic engines and other anti-spam vehicles to detect image spam.
Best Practices
The best approach to preventing spam from entering an organization is to block it at the perimeter, before it can reach an organization's messaging server. This is best accomplished through the use of reputation services, which are designed to accurately identify spammers and block their emails.
Reputation services work by leveraging a company's customer, partner, supplier base, or research lab to monitor messaging traffic. Effective reputation services collect an email history and email samples from sending IP addresses, enabling them to keep track of which IPs and domains are sending legitimate and illegitimate email.
The main benefit of reputation services is that they do not rely on complex scanning engines at the organizational level, such as heuristics engines which can filter messages on thousands of criteria. Ultimately, heuristics and statistical engines can detect spam quite effectively, but with rapidly increasing daily messaging traffic, this will generally result in higher bandwidth costs and slower message delivery, especially when inundated with high levels of traffic.
Reputation services, on the other hand, have little effect on email delivery (and in fact, improve email delivery), and can eliminate a majority of spam messages before they reach the network. By eliminating much of the traffic that impacts an organization's email security systems, reputation services are a perfect complement to heuristics and statistical filters.
