Image Spam - A Growing Challenge

Image spam becoming a growing challenge:

There are hundreds of millions of spam email messages being sent every day. This has been a significant problem as spam covers 90% of all emails worldwide. Now this has become an even bigger challenge due to increased volume of image spam.

Image spam is a serious and growing problem, not least because of its ability to circumvent traditional email spam filters to clog servers and inboxes. In just half a year, the problem of image spam has become general enough to be representative of 35 per cent of all junk mail. Not only this, but image spam is taking up 70 per cent of the bandwidth bulge on account of the large file sizes every single one represents.

Apart from taking up valuable bandwidth, the time taken to filter out and destroy spam represents a significant burden on both IT staff and personnel in businesses and organizations. At the same time, operators themselves are building ever more efficient email servers and bandwidth capacity in order to deliver emails that nobody wants

Ironically, at the heart of the problem are ordinary computer owners completely unaware that their computers are being used to launch the very attacks that end up in their inboxes. This is achieved through botnets, where computers are silently infected and activated as part of a larger raft of computers to do the spammers' bidding. Vast majority of all the spam is being sent from these botnets of zombie computers.

To give some idea about the scale of the problem a typical Warezov-based botnet can send 160 million spam messages in just two hours. And last year botnets raised the volume of spam in circulation by 30 per cent. For enterprises, often the target of spam attacks, that figure was 50 per cent.

Spam originally used basic text captured in a GIF image to bypass standard dictionary-based content filters but this has now morphed into image spam. Image spam is characterized by patchwork colours, multicolour characters with pixel-level randomization. It also features the use of random nonsensical text messages sampled from legitimate web sites between the hard sell of products like Viagra and other popular pharmaceuticals.

From : F-Secure.com

Security threats for Company Networks

Security threats to Protect Networks from in 2007

According to GFI, a leading provider of network security, content security and messaging software, every IT manager should make it part of their New Year's Resolution to protect their networks from the following threats in 2007:

Piracy: To protect themselves from legal action companies need to monitor networks more effectively, to ensure employees do not copy illegal material

Targeted data theft: Even more then before crime cartels are realising that information can be as valuable, if not even more so, than drugs and weapons so companies need to take adequate steps to protect data

Phishing: This is an easy way for criminals to harvest credit card and other personal information and companies need to protect themselves from such threats

USB: The proliferation of USB devices and improvements in storage technology lead to the inevitability that targeted attacks using techniques such as hacksaw or pod slurping will increase

Malware: Although Microsoft Vista is more secure, third-party software can be targeted as a means of infecting a system through the back door. Security vendors need to catch up, and quickly

Vista IPv6 Windows Internet Computer Name: This technology will allow every Vista installation to have its own internet domain name, exposing users to the threat of "man-in-the-middle" attacks and spoofing. While users will have the option of two running modes, the secure mode is just too complex for most users, making it unlikely that many people will choose that option

Wireless: Is the next evolutionary step of pod slurping and hacksaw-like attacks that they will involve wireless devices? Watch out for this in 2007.

Games Consoles: Playstation 3 and Xbox 360 both have extensive processing power as well internet connections and it is only a matter of time before malicious attacks start targeting these systems with DDOS attacks as well as traditional spam.

Net-Security.org