Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:11 PM
Dark Reading
Dark Reading
Products and Releases

Cyberoam Releases 4Q Email Threat Report

Shutdown of notorious Web host leads to drastic fall in global spam levels; economic recession, Barack Obama, Google Docs leveraged for spam attacks

(22 January, Ahmedabad, India): Cyberoam, a division of Elitecore Technologies and the innovator of identity-based Unified Threat Management (UTM) solutions, today announced the Q4 2008 email threat trend report, prepared in collaboration with its partner Commtouch. The main highlight of the report was a huge drop in global spam in November to its lowest levels at 59%, from an average of 90+% earlier, due to the shutdown of McColo, one of the largest and most notorious spam-friendly web hosting service provider. This decline, bringing spam levels to a third of the normal volumes, was marked by three weeks of significantly lower spam activity, and finally, a slow increase.

Another significant story was the global financial crisis which has become an important pretext for spammers trying to lure unsuspecting email recipients with fake job offers, instant loans and cash advances. Also, in the mean time, people received a flood of US election-related spam and malware, the attackers' motive being to steal personal information through phishing links or to install malicious software in visitors' computers.

Barack Obama, in particular, has caught the attackers' fancy with several outbreaks of spam and malware messages disguised in purported Obama acceptance speech downloads and an Obama sex scandal. The messages were sent from zombies (botnets) which are typically home computers taken over by spammers and malware distributors and are used on and off as they are needed.

Says Abhilash Sonwane, VP-Product Management, Cyberoam, "These attacks are of very short duration and disappear before their signatures are detected. The only protection in such cases is a security solution like Cyberoam that blocks zombie-generated spam based on the sender's reputation rather than rely on signatures."

Topical themes that included Iran, Afghanistan, India, corporations like Sony, spam based on celebrities and known figures like Nicole Kidman, Bill Gates, Bill Clinton and Barack Obama, were all part of the attacks. In their efforts to randomize emails to avoid anti-virus and anti-spam solutions, attackers often changed subjects and bodies. But, sometimes these two didn't match as in the message where a subject line was of Bill Gates and the content was related to Obama.

Spammers used legitimate sites and tools like web-based emails and Google Docs to spread malware. Leveraging Google's strong reputation, attackers sent email messages with Google Docs hyperlinks inside to get past traditional anti-spam methods.

"Hence, it is important that the security solution is based on the pattern of message distribution to detect spam and malware like Cyberoam does with Rapid Pattern Detection (RPD)," says Abhilash Sonwane. "Secondly, content filtering solutions need to go beyond home pages and do run time scanning and categorizing of internal pages too, preventing visitors from entering malware-laden pages within legitimate sites."

Web 2.0 media are seeing an increasing volume of user generated content turning into easy vectors for carrying malicious codes. Chinese characters and image-based spam have made a comeback with attackers devising innovative techniques to confuse anti-spam technologies, e.g. "bending the image at a slight angle".

Streaming media and downloads were among the top 10 web site categories infected with malware and/or manipulated by phishing. Also, Brazil emerged as the leading region in zombie activity. The other top trends included the resurgence of Image spam, spread of Chinese language spam and high turnover of zombies with an average of 280,000 per day.

Cyberoam uses the Commtouch RPDTM technology to analyze large volumes of Internet traffic in real-time. Unlike traditional spam filters, it does not rely on email content, so it is able to detect spam in any language and in every message format (including images, HTML, etc.), non-English characters, single and double byte, etc. Its language and content agnostic nature enables it to provide effective spam blocking capabilities. Cyberoam incorporates this technology within its unique identity-based UTM appliances, which deploy user identity-based functionality across all of its features. A departure from traditional IP address-dependent solutions, Cyberoam determines precisely who is doing what in the network, providing IT managers with stronger policy control and clearer visibility of activity.

About Cyberoam Cyberoam Identity-based UTM appliances offer comprehensive protection against existing and emerging Internet threats, including viruses, worms, Trojans, spyware, phishing, pharming and more. Cyberoam delivers the complete range of security features such as stateful inspection firewall, VPN, gateway anti-virus, gateway anti-malware, gateway anti-spam, intrusion prevention system, content filtering in addition to bandwidth management and multiple link management over a single platform. Cyberoam is certified by the West Coast Labs with CheckMark UTM Level 5 Certification, ICSA Lab, an independent division of Verizon Business, and the Virtual Private Network Consortium. Cyberoam has received the 2008 Emerging Vendor of the Year award by Frost & Sullivan, 2007 Global Excellence Awards for Integrated Security Appliance, Security Solution for Education and Unified Security, the 2007 Tomorrow's Technology Today Award for Unified Security was rated Positive by Gartner in its Marketscope for SMB multi-function firewalls. Cyberoam has offices in the Woburn, MA, USA and India. For more information, please visit www.cyberoam.com.

About Elitecore Technologies Limited

Elitecore Technologies Limited is the global provider of Cyberoam UTM appliances. Elitecore's other divisions include Crestel Convergent Billing Solution that meets the voice, data, video billing and customer care requirements of Tier-1 service providers and 24online Billing and Bandwidth Management Solution for hotels, hotspots and Internet service providers. Elitecore has a strong R&D base and support center in India; it has sustained a healthy growth rate of over 75% since inception. For more information, please visit www.elitecore.com

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-02
fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is &...
PUBLISHED: 2021-03-02
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied server is `/pub/`, a user expect that accessing...
PUBLISHED: 2021-03-02
matrix-react-sdk is an npm package which is a Matrix SDK for React Javascript. In matrix-react-sdk before version 3.15.0, the user content sandbox can be abused to trick users into opening unexpected documents. The content is opened with a `blob` origin that cannot access Matrix user data, so messag...
PUBLISHED: 2021-03-02
Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later.
PUBLISHED: 2021-03-02
A buffer overflow vulnerability in the AT command interface of Gigaset DX600A v41.00-175 devices allows remote attackers to force a device reboot by sending relatively long AT commands.